PT-2022-14230 · WordPress · Import Export All Wordpress Images

Luan Pedersini · Published 2022-06-27 · Updated 2023-06-07 · CVE-2022-1977

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Import Export All WordPress Images, Users & Post Types WordPress plugin, versions prior to 6.5.3

Description: The plugin does not fully validate files imported via URL. It makes an HTTP request to whatever URL is supplied, without checking that the destination is a legitimate external source or that the fetched content is an importable file. A high-privilege user (an administrator) can therefore make the web server issue requests to arbitrary hosts, including internal ones it can reach, without receiving the response back: a Blind SSRF (Server-Side Request Forgery). The CVSS vector reflects this (PR:H): the attacker already holds admin rights, and what the flaw adds is the server as a pivot into its own network.

Recommendations: Update to version 6.5.3 or later. Until the update is applied, restrict the import-from-URL feature to trusted sources or disable it, and keep the number of accounts holding administrator rights to a minimum.
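As an added example (not code from the plugin or from this advisory), the shape of the flaw described above is shown beside a hardened handler built on the WordPress HTTP API. The function names, the nonce action name and the set of accepted file types are hypothetical assumptions; the WordPress calls themselves (wp_remote_get, wp_safe_remote_get, wp_http_validate_url, wp_remote_retrieve_*) are real core functions.

```php
<?php
/**
 * Added example, not the plugin's or the advisory's code.
 * Hypothetical function/nonce names; WordPress HTTP API calls are real.
 */

// VULNERABLE SHAPE: the admin-supplied URL goes straight to the HTTP client.
// Nothing stops http://127.0.0.1:8080/, http://10.0.0.5/ or a cloud metadata
// address, and because the body only feeds the importer the attacker never
// sees the response: a blind SSRF, visible only as the server's outbound request.
function vulnerable_import_from_url( $url ) {
	$response = wp_remote_get( $url, array( 'timeout' => 30 ) );
	if ( is_wp_error( $response ) ) {
		return $response;
	}
	return wp_remote_retrieve_body( $response ); // handed to the importer as-is
}

// HARDENED: same entry point with the checks the vulnerable version lacks.
function hardened_import_from_url( $url ) {
	// 1. Admin-only action, nonce-protected so a logged-in admin cannot be
	//    made to trigger the fetch from a page the attacker controls (CSRF).
	if ( ! current_user_can( 'manage_options' )
		|| ! wp_verify_nonce( $_POST['_wpnonce'] ?? '', 'iewp_import_url' ) ) { // hypothetical nonce action
		return new WP_Error( 'forbidden', 'Not allowed.' );
	}

	// 2. Scheme, credentials, port and destination. Core's wp_http_validate_url()
	//    allows only http/https, refuses user:pass@ in the URL and ports other
	//    than 80/443/8080, and rejects hosts resolving to loopback or RFC 1918 space.
	$url = wp_http_validate_url( $url );
	if ( ! $url ) {
		return new WP_Error( 'bad_url', 'URL rejected.' );
	}

	// 3. Independent destination check so the decision does not rest on core
	//    alone: refuse private and reserved/link-local ranges, which includes
	//    169.254.0.0/16 where cloud metadata services live. gethostbyname()
	//    returns the name unchanged when it cannot resolve, which then fails
	//    the IP validation below.
	$host = wp_parse_url( $url, PHP_URL_HOST );
	$ip   = gethostbyname( $host );
	if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) ) {
		return new WP_Error( 'bad_host', 'Destination is unresolvable or not a public address.' );
	}

	// 4. Fetch through the safe wrapper, which re-validates the URL at request
	//    time, with redirects disabled (a 302 to an internal host would
	//    otherwise bypass steps 2-3) and a hard response size cap.
	$response = wp_safe_remote_get( $url, array(
		'timeout'             => 15,
		'redirection'         => 0,
		'limit_response_size' => 20 * MB_IN_BYTES,
	) );
	if ( is_wp_error( $response ) ) {
		return $response;
	}
	if ( 200 !== (int) wp_remote_retrieve_response_code( $response ) ) {
		return new WP_Error( 'bad_status', 'Unexpected HTTP status.' );
	}

	// 5. Validate the file, not only the URL: extension and declared type must
	//    be ones the importer accepts (assumed here: CSV and XML).
	$allowed = array(
		'csv' => array( 'text/csv', 'text/plain' ),
		'xml' => array( 'text/xml', 'application/xml' ),
	);
	$ext  = strtolower( pathinfo( (string) wp_parse_url( $url, PHP_URL_PATH ), PATHINFO_EXTENSION ) );
	$type = strtolower( trim( (string) strtok( (string) wp_remote_retrieve_header( $response, 'content-type' ), ';' ) ) );
	if ( ! isset( $allowed[ $ext ] ) || ! in_array( $type, $allowed[ $ext ], true ) ) {
		return new WP_Error( 'bad_type', 'Not an importable file.' );
	}

	return wp_remote_retrieve_body( $response );
}
```

Two caveats a practitioner should keep in mind. The lookup in step 3 and the HTTP client's own lookup are separate DNS resolutions, so a name that rebinds between them can still reach an internal address; pinning the resolved IP for the actual request (for example through the http_api_curl hook) closes that gap. And both gethostbyname() and core's check are IPv4-only; an IPv6-literal or AAAA-only destination needs its own handling if the host has IPv6 egress.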

Tags: SSRF

Weakness Enumeration

Related Identifiers: CVE-2022-1977

Affected Products: Import Export All Wordpress Images