CVE-2022-1037

Name of the Vulnerable Software and Affected Versions EXMAGE WordPress plugin versions prior to 1.0.7

Description The issue arises because the plugin does not properly verify if images added via URLs are external, potentially leading to a blind Server-Side Request Forgery (SSRF) issue when using local URLs.

Recommendations For versions prior to 1.0.7, update to version 1.0.7 or later to resolve the issue. As a temporary workaround, consider restricting the ability to add images via URLs to minimize the risk of exploitation.