WordPress Plugin Vulnerabilities

EXMAGE < 1.0.7 - Admin+ Blind SSRF

Description

The plugin does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs

Proof of Concept

Put an internal URL such as http://127.0.0.1:8080 in the "Save storage by using external image URLs (one line each)" feature of the plugin (/wp-admin/media-new.php)

Affects Plugins

Plugin icon
exmage-wp-image-links
Fixed in 1.0.7

References

CVE
CVE-2022-1037

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
3.0 (low)

Miscellaneous

Original Researcher
Luan Pedersini
Submitter
IBLISS Digital Security
Submitter website
https://www.ibliss.com.br/
Verified
Yes
WPVDB ID
bd8555bd-8086-41d0-a1f7-3557bc3af957

Timeline

Publicly Published
2022-03-28 (about 2 years ago)
Added
2022-03-28 (about 2 years ago)
Last Updated
2022-04-14 (about 2 years ago)

Other

Published
Title
Published
2024-03-29
Title
Gutenberg Blocks by Kadence Blocks < 3.2.26 - Authenticated (Author+) Server-Side Request Forgery
Published
2024-04-22
Title
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) < 2.0.8.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2024-04-22
Title
Culqi < 3.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2017-03-01
Title
Popup by Supsystic <= 1.7.8 - Cross-Site Request Forgery (CSRF)
Published
2023-05-15
Title
Essential Addons for Elementor Pro < 5.4.9 - Unauthenticated SSRF