CVE-2022-1398

nvd nist nuclei

Published: May 16, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks

Affected (1)

Products: External Media Without Import Project: External Media Without Import

External Media Without Import Project

1 product

External Media Without Import

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
External Media Without Import Project External Media Without Import	Up to 1.1.2

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.