CVE-2023-7231

HIGH

WordPress plugin <1.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-7231. PoCs published by BBO513.

AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2023-7231, demonstrating an SSRF vulnerability in Audible's `fetchResource` API that can be chained to access AWS metadata, Docker APIs, and environment variables. The code includes compliant request handling and evidence documentation.

Description

The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links.

Exploits (1)

nomisec · WORKING POC · 1 star
by BBO513 · poc
https://github.com/BBO513/CVE-2023-7231

Classification: Working PoC 95%
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: Audible fetchResource API
No auth needed
Prerequisites: Network access to Audible's API · Python environment with requests library
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References (1)
Tags: Exploit, Third Party Advisory, exploit, vdb-entry, technical-description
https://wpscan.com/vulnerability/797692ce-f355-4d4a-af01-4bd9abc60a34/

Scores

CVSS v3 7.3
EPSS 0.0037
EPSS Percentile 29.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

Status published
Products (1)
evanliewer/illi_link_party\! < 1.0
Published May 15, 2025
Tracked Since Feb 18, 2026