The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-05-16T14:30:53
Updated: 2024-08-03T00:03:06.251Z
Reserved: 2022-04-19T00:00:00
Link: CVE-2022-1398
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-05-16T15:15:09.413
Modified: 2022-05-24T18:33:09.733
Link: CVE-2022-1398
Redhat
No data.