CVE-2024-6155: 
WordPress vulnerability analysis and mitigation

The Greenshift – animation and page builder blocks plugin for WordPress contains a vulnerability (CVE-2024-6155) affecting all versions up to and including 9.0.0. The vulnerability stems from a missing capability check in the greenshift_download_file_localy function, combined with inadequate SSRF protection and sanitization on uploaded SVG files. The issue was partially addressed in version 8.9.9 and fully patched in version 9.0.1 (NVD).

The vulnerability is classified as an Authenticated Server-Side Request Forgery (SSRF) and Stored Cross-Site Scripting issue. It affects users with Subscriber-level privileges and above. The core issue lies in the greenshift_download_file_localy function's implementation, which lacks proper authorization checks and SSRF protections. The CVSS v3.1 score is 6.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (Wordfence).

The vulnerability allows authenticated attackers to make web requests to arbitrary locations from the web application. This capability can be exploited to download malicious SVG files containing Cross-Site Scripting payloads to the server. On cloud-based servers, attackers could potentially access instance metadata (NVD).

Users should update to version 9.0.1 which contains the complete fix for this vulnerability. A partial fix was implemented in version 8.9.9 (NVD).