CVE-2024-6155 is a vulnerability in the Greenshift – animation and page builder blocks WordPress plugin, identified as CWE-862 (Missing Authorization). The flaw exists in the function greenshift_download_file_localy, which lacks proper capability checks, allowing authenticated users with Subscriber-level privileges or higher to invoke it. This results in Server-Side Request Forgery (SSRF), enabling attackers to make arbitrary HTTP requests from the server to internal or external resources. Additionally, the plugin does not properly sanitize uploaded SVG files, permitting Stored Cross-Site Scripting (XSS) attacks via malicious SVG payloads. These combined issues allow attackers to retrieve sensitive information, such as cloud instance metadata on cloud-hosted environments, and potentially execute malicious scripts in the context of the WordPress site. The vulnerability affects all versions up to and including 9.0.0. Partial remediation was introduced in version 8.9.9, with a complete fix in 9.0.1. The CVSS 3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, and requiring low privileges but no user interaction. The scope is changed due to potential impact beyond the vulnerable component. No known exploits in the wild have been reported to date.

The vulnerability enables attackers with minimal privileges (Subscriber or higher) to perform SSRF attacks, potentially accessing internal network resources, sensitive files, or cloud metadata services, which can lead to further compromise or data leakage. The stored XSS via SVG uploads can allow persistent script execution in the context of the WordPress site, risking session hijacking, defacement, or further exploitation. Organizations using this plugin on WordPress sites face risks of unauthorized data exposure, privilege escalation, and reputational damage. Cloud-hosted environments are particularly at risk of metadata service exposure, which can lead to credential theft and lateral movement. Although availability is not directly impacted, confidentiality and integrity are at risk. The medium CVSS score reflects the balance between required authentication and the significant potential impact on sensitive data and site security.

Administrators should immediately update the Greenshift plugin to version 9.0.1 or later, where the vulnerability is fully patched. Until the update is applied, restrict plugin usage to trusted users only and consider temporarily disabling the plugin if Subscriber-level users are untrusted. Implement web application firewall (WAF) rules to detect and block SSRF patterns and malicious SVG uploads. Enforce strict file upload policies, including sanitization and validation of SVG files, or disable SVG uploads if not required. Monitor server logs for unusual outbound HTTP requests originating from the WordPress server. On cloud platforms, restrict access to instance metadata services using network controls or metadata service protection features (e.g., AWS IMDSv2). Regularly audit user roles and permissions to minimize the number of users with Subscriber or higher access. Employ Content Security Policy (CSP) headers to mitigate the impact of XSS attacks.