CVE-2024-6155

Name of the Vulnerable Software and Affected Versions The Greenshift – animation and page builder blocks plugin for WordPress versions prior to 9.0.1

Description The issue is related to Authenticated Server-Side Request Forgery and Stored Cross Site Scripting due to a missing capability check in the greenshift download file localy function, along with no SSRF protection and sanitization on uploaded SVG files. This allows authenticated attackers with Subscriber-level access and above to make web requests to arbitrary locations and download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata.

Recommendations For versions prior to 9.0.1, update to version 9.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the greenshift download file localy function until a patch is available. Restrict access to uploaded SVG files to minimize the risk of exploitation. Avoid using the vulnerable function to download files from arbitrary locations until the issue is resolved.