The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-05-16T14:30:53

Updated: 2024-08-03T00:03:06.251Z

Reserved: 2022-04-19T00:00:00

Link: CVE-2022-1398

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-05-16T15:15:09.413

Modified: 2022-05-24T18:33:09.733

Link: CVE-2022-1398

cve-icon Redhat

No data.