CVE-2024-23825 (GCVE-0-2024-23825)
Vulnerability from cvelistv5 – Published: 2024-01-30 16:22 – Updated: 2025-05-29 15:04
VLAI?
Title
TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts
Summary
TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TablePress | TablePress |
Affected:
< 2.2.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"
},
{
"name": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23825",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:38:31.880651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:04:54.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TablePress",
"vendor": "TablePress",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance\u0027s metadata REST API. If the instance\u0027s configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-30T16:22:04.876Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"
},
{
"name": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91"
}
],
"source": {
"advisory": "GHSA-x8rf-c8x6-mrpg",
"discovery": "UNKNOWN"
},
"title": "TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23825",
"datePublished": "2024-01-30T16:22:04.876Z",
"dateReserved": "2024-01-22T22:23:54.338Z",
"dateUpdated": "2025-05-29T15:04:54.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*\", \"versionEndExcluding\": \"2.2.5\", \"matchCriteriaId\": \"0B3AFBC2-9363-4181-8CFE-E00D51043CAD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance\u0027s metadata REST API. If the instance\u0027s configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.\"}, {\"lang\": \"es\", \"value\": \"TablePress es un complemento de tablas para Wordpress. Para importar tablas, TablePress realiza solicitudes HTTP externas basadas en una URL proporcionada por el usuario. Esa entrada del usuario no se filtra lo suficiente, lo que hace posible enviar solicitudes a ubicaciones de red no deseadas y recibir respuestas. En sitios en un entorno de nube como AWS, un atacante puede potencialmente realizar solicitudes GET a la API REST de metadatos de la instancia. Si la configuraci\\u00f3n de la instancia no es segura, esto puede provocar la exposici\\u00f3n de datos internos, incluidas las credenciales. Esta vulnerabilidad se solucion\\u00f3 en 2.2.5.\"}]",
"id": "CVE-2024-23825",
"lastModified": "2024-11-21T08:58:30.060",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N\", \"baseScore\": 3.0, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}]}",
"published": "2024-01-30T17:15:11.180",
"references": "[{\"url\": \"https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-23825\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-01-30T17:15:11.180\",\"lastModified\":\"2024-11-21T08:58:30.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance\u0027s metadata REST API. If the instance\u0027s configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.\"},{\"lang\":\"es\",\"value\":\"TablePress es un complemento de tablas para Wordpress. Para importar tablas, TablePress realiza solicitudes HTTP externas basadas en una URL proporcionada por el usuario. Esa entrada del usuario no se filtra lo suficiente, lo que hace posible enviar solicitudes a ubicaciones de red no deseadas y recibir respuestas. En sitios en un entorno de nube como AWS, un atacante puede potencialmente realizar solicitudes GET a la API REST de metadatos de la instancia. Si la configuraci\u00f3n de la instancia no es segura, esto puede provocar la exposici\u00f3n de datos internos, incluidas las credenciales. Esta vulnerabilidad se solucion\u00f3 en 2.2.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":3.0,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.3,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"2.2.5\",\"matchCriteriaId\":\"0B3AFBC2-9363-4181-8CFE-E00D51043CAD\"}]}]}],\"references\":[{\"url\":\"https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg\", \"name\": \"https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91\", \"name\": \"https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:13:08.237Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23825\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T15:38:31.880651Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T15:38:33.304Z\"}}], \"cna\": {\"title\": \"TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts\", \"source\": {\"advisory\": \"GHSA-x8rf-c8x6-mrpg\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"TablePress\", \"product\": \"TablePress\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.2.5\"}]}], \"references\": [{\"url\": \"https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg\", \"name\": \"https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91\", \"name\": \"https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance\u0027s metadata REST API. If the instance\u0027s configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-01-30T16:22:04.876Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-23825\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-29T15:04:54.089Z\", \"dateReserved\": \"2024-01-22T22:23:54.338Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-01-30T16:22:04.876Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…