External Media without Import <= 1.1.2 - Subscriber+ Blind SSRF
CVE-2022-1398

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 16 May 2022

Summary

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does not ensure that media added via URLs are external media, which could allow any authenticated user, such as a subscriber, to perform blind SSRF attacks.

Affected Version(s)

External Media without Import 1.1.2

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Luan Pedersini