WordPress Plugin Vulnerabilities

Instant Images < 5.2.0 - Author+ SSRF

Description

The plugin does not validate a parameter before making a request to it, which could allow users with Author role and above to perform SSRF attack

Affects Plugins

Plugin icon
instant-images
Fixed in 5.2.0

References

CVE
CVE-2023-27451

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
3.8 (low)

Miscellaneous

Original Researcher
Universe
Verified
No
WPVDB ID
bb23bf9c-b0f2-441f-819c-aece423d61a1

Timeline

Publicly Published
2023-03-02 (about 3 years ago)
Added
2023-03-30 (about 2 years ago)
Last Updated
2023-03-31 (about 2 years ago)

Other

Published
Title
Published
2026-01-27
Title
Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery
Published
2025-04-24
Title
Simple Google Photos Grid < 1.6 - Authenticated (Contributor+) Server-Side Request Forgery
Published
2025-06-05
Title
Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Server-Side Request Forgery
Published
2025-04-09
Title
SEO Help <= 6.7.5 - Admin+ SSRF
Published
2024-04-16
Title
Really Simple SSL < 8.0.0 - Admin+ Server-Side Request Forgery