CVE-2024-13741 is a Server-Side Request Forgery (SSRF) vulnerability identified in the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress, versions up to and including 5.9.4.2. The vulnerability resides in the pm_upload_image function, which improperly validates user-supplied input, allowing authenticated users with Subscriber-level permissions or higher to induce the server to make HTTP requests to arbitrary locations. This SSRF flaw enables attackers to download and view images from internal or external hosts or verify the existence of non-image files on those hosts. The vulnerability does not require user interaction beyond authentication and can be exploited remotely over the network. The CVSS 3.1 base score of 5.4 reflects a medium severity level, with the vector indicating network attack vector, low attack complexity, privileges required, no user interaction, unchanged scope, and limited confidentiality and integrity impacts but no availability impact. While no public exploits have been reported, the vulnerability could be leveraged for reconnaissance, internal network mapping, or indirect access to sensitive resources. The plugin is widely used in WordPress environments for managing user profiles, groups, and communities, making this vulnerability relevant to many websites. The lack of an official patch link suggests that mitigation may currently rely on workarounds or plugin updates pending release. The vulnerability is cataloged under CWE-918, which covers SSRF issues where an attacker can abuse server functionality to send crafted requests.

The primary impact of CVE-2024-13741 is unauthorized information disclosure and reconnaissance. By exploiting SSRF, attackers can access internal network resources that are otherwise inaccessible externally, potentially exposing sensitive data or internal services. The ability to verify file existence on local or remote hosts can aid attackers in mapping network infrastructure or identifying valuable targets for further exploitation. Although the vulnerability requires authenticated access at Subscriber level or above, many WordPress sites allow user registrations with such privileges, increasing the attack surface. The integrity impact is limited but present, as attackers might manipulate the server's request behavior. Availability is not affected, so denial-of-service conditions are unlikely. Organizations with public-facing WordPress sites using the ProfileGrid plugin are at risk of indirect data exposure and should consider the potential for lateral movement within their internal networks if attackers leverage SSRF to access internal-only services. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as proof-of-concept exploits may emerge.

Organizations should immediately verify if their WordPress installations use the ProfileGrid – User Profiles, Groups and Communities plugin and identify the version in use. Until an official patch is released, administrators should consider the following mitigations: restrict or disable user registrations or limit Subscriber-level permissions to trusted users only; implement strict web application firewall (WAF) rules to detect and block suspicious SSRF patterns targeting the pm_upload_image function; restrict outbound HTTP requests from the web server to only necessary destinations, using network-level egress filtering to prevent arbitrary external or internal requests; monitor server logs for unusual request patterns or unexpected internal network access attempts; consider temporarily disabling or replacing the plugin if feasible; and stay updated with vendor advisories for official patches. Additionally, hardening WordPress security by enforcing strong authentication, limiting plugin usage, and isolating critical internal services can reduce the impact of SSRF exploitation.