WordPress Plugin Vulnerabilities

EXMAGE < 1.0.7 - Admin+ Blind SSRF

Description

The plugin does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs

Proof of Concept

Affects Plugins

Plugin icon
exmage-wp-image-links
Fixed in 1.0.7

References

CVE
CVE-2022-1037

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
3.0 (low)

Miscellaneous

Original Researcher
Luan Pedersini
Submitter
IBLISS Digital Security
Submitter website
https://www.ibliss.com.br/
Verified
Yes
WPVDB ID
bd8555bd-8086-41d0-a1f7-3557bc3af957

Timeline

Publicly Published
2022-03-28 (about 3 years ago)
Added
2022-03-28 (about 3 years ago)
Last Updated
2022-04-14 (about 3 years ago)

Other

Published
Title
Published
2024-11-01
Title
Magical Addons For Elementor < 1.2.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2013-06-21
Title
WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)
Published
2024-08-06
Title
Modern Events Calendar <= 7.12.1 - Subscriber+ Server Side Request Forgery
Published
2025-08-14
Title
B Slider - Gutenberg Slider Block for WP < 2.0.1 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2022-08-12
Title
Rank Math SEO < 1.0.95.1 - Unauthenticated SSRF