PT-2022-13858 · WordPress · External Media Without Import

Luan Pedersini

Published

2022-05-16

Updated

2022-05-24

CVE-2022-1398

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions External Media without Import WordPress plugin versions 1.1.2 and earlier

Description The issue allows any authenticated users to perform blind SSRF attacks due to the lack of authorization and validation of media sources. This could potentially enable attackers to access internal resources.

Recommendations For External Media without Import WordPress plugin versions 1.1.2 and earlier, update to a version that includes proper authorization and validation of media sources to prevent blind SSRF attacks.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2022-1398

Affected Products

External Media Without Import

PT-2022-13858 · WordPress · External Media Without Import

CVE-2022-1398

Weakness Enumeration

Related Identifiers

Affected Products

References · 3