PT-2026-6037 · WordPress · All In One Image Viewer Block

Athiwat Tiprasaharn

Publicado

2026-02-05

Atualizado

2026-02-05

CVE-2026-1294

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions All In One Image Viewer Block plugin for WordPress versions up to and including 1.0.2

Description The All In One Image Viewer Block plugin for WordPress is susceptible to Server-Side Request Forgery due to missing authorization and URL validation. This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. Attackers could potentially query and modify information from internal services via the image-proxy API endpoint.

Recommendations Update the All In One Image Viewer Block plugin to a version later than 1.0.2.

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-918

Identificadores relacionados

CVE-2026-1294

Produtos afetados

All In One Image Viewer Block

PT-2026-6037 · WordPress · All In One Image Viewer Block

CVE-2026-1294

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8