# CVE-2022-1386 – Fusion Builder < 3.6.2 – Unauthenticated SSRF PoC
## 💥 Description
Unauthenticated Server-Side Request Forgery (SSRF) in the Fusion Builder plugin (bundled with the Avada WordPress theme) prior to version 3.6.2.
An unauthenticated attacker can make the WordPress server issue HTTP requests to arbitrary URLs, potentially reaching internal services that are not exposed to the internet.
## 🛡 Affected Product
- Fusion Builder < 3.6.2
- Avada theme installations using a vulnerable Fusion Builder plugin
## 🔍 CVE Details
- **CVE**: [CVE-2022-1386](https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b)
- **Severity**: Critical
- **Vector**: Unauthenticated HTTP POST to `admin-ajax.php`
## 🧪 PoC Usage
```bash
python3 exploit_cve_2022_1386.py <target_url> <your_callback_url>
```
Example:
```bash
python3 exploit_cve_2022_1386.py https://vulnerable.site https://abc123.oast.fun
```
Use Interact.sh or Burp Collaborator to receive the callback.
## 📋 Sample Output
```bash
[*] Fetching nonce from target...
[*] Sending SSRF payload to https://abc123.oast.fun...
[+] SSRF confirmed: received callback from victim server.
```
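A defender-side counterpart to the flow in the sample output above, added here as an example that is not part of the PoC repository or of Fusion Builder: it scans reverse-proxy log records (constructed, JSON per line, with the POST body logged) for POSTs to `admin-ajax.php` that carry a URL parameter pointing at an out-of-band interaction domain or a non-public IP. The action and parameter names in the sample records are hypothetical.

```python
# Added detection example: not part of the PoC repository or Fusion Builder.
import json
import ipaddress
from urllib.parse import urlparse, parse_qs

# Out-of-band domains used by Interact.sh and Burp Collaborator to confirm
# blind SSRF; extend with any OAST domains your team uses.
OAST_SUFFIXES = ("oast.fun", "oast.me", "oast.pro", "oast.live", "oast.site",
                 "interact.sh", "burpcollaborator.net", "oastify.com")

def suspicious_url(url):
    """Return a reason if `url` targets an OAST domain or a non-public IP."""
    host = urlparse(url).hostname or ""
    if any(host == s or host.endswith("." + s) for s in OAST_SUFFIXES):
        return "oast-callback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # plain hostname: resolve it in a real pipeline before judging
    return None if ip.is_global else "non-public-target"

def find_ssrf_attempts(log_lines):
    """Return a list of (client, parameter, reason) for each POST to
    admin-ajax.php whose body carries a URL-valued parameter that looks like
    an SSRF probe."""
    hits = []
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("method") != "POST" or not rec.get("path", "").endswith("/admin-ajax.php"):
            continue
        for param, values in parse_qs(rec.get("body", "")).items():
            for value in values:
                if value.startswith(("http://", "https://")):
                    reason = suspicious_url(value)
                    if reason:
                        hits.append((rec["client"], param, reason))
    return hits

# Constructed sample records; the action and parameter names are hypothetical.
SAMPLE_LOG = [
    '{"client":"203.0.113.5","method":"POST","path":"/wp-admin/admin-ajax.php",'
    '"body":"action=hypothetical_fetch&url=https%3A%2F%2Fabc123.oast.fun%2Fx"}',
    '{"client":"203.0.113.5","method":"POST","path":"/wp-admin/admin-ajax.php",'
    '"body":"action=hypothetical_fetch&url=http%3A%2F%2F10.0.0.8%2Fadmin"}',
    '{"client":"198.51.100.9","method":"POST","path":"/wp-admin/admin-ajax.php",'
    '"body":"action=heartbeat&_nonce=abcd"}',
]

if __name__ == "__main__":
    for hit in find_ssrf_attempts(SAMPLE_LOG):
        print("[!] possible SSRF probe: client=%s param=%s reason=%s" % hit)
```

Hostnames that are not IP literals are left undecided on purpose; a real pipeline should resolve them and apply the same non-public check to the result.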
## 📌 Notes
This PoC avoids data exfiltration.
Ethical usage only: do not exploit systems without authorization.
## 📚 References
- https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b
- https://theme-fusion.com/documentation/avada/fusion-builder-changelog/