WordPress Plugin Vulnerabilities
EXMAGE < 1.0.7 - Admin+ Blind SSRF
Description
The plugin does not ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs.
Proof of Concept
Put an internal URL such as http://127.0.0.1:8080 in the "Save storage by using external image URLs (one line each)" feature of the plugin (/wp-admin/media-new.php)
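The missing check described above, sketched as an added example (not EXMAGE's code and not the fix shipped in 1.0.7): a URL is accepted only if it is http(s) and every address its host resolves to is public. The function name, the `$resolver` parameter and the sample hostnames are hypothetical.

```php
<?php
// Added example, not plugin code. exmage_example_is_external_url() and
// $resolver are hypothetical names; $resolver lets the demo run without DNS.
function exmage_example_is_external_url(string $url, ?callable $resolver = null): bool
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // only http(s) image URLs are expected
    }
    $host = trim($parts['host'], '[]'); // strip brackets from IPv6 literals
    if (filter_var($host, FILTER_VALIDATE_IP)) {
        $ips = [$host];
    } else {
        // gethostbynamel() returns a list of IPv4 addresses, or false.
        $resolver = $resolver ?? 'gethostbynamel';
        $ips = $resolver($host) ?: [];
    }
    if ($ips === []) {
        return false; // unresolvable host: reject rather than guess
    }
    foreach ($ips as $ip) {
        // Reject loopback, link-local, reserved and RFC 1918 / fc00::/7 addresses.
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return false;
        }
    }
    return true;
}

// Constructed sample data: a fake resolver and sample URLs for an offline run.
$fakeDns = fn(string $h) => [
    'cdn.example.com'      => ['93.184.216.34'],
    'intranet.example.com' => ['10.0.0.5'],
][$h] ?? false;

foreach ([
    'http://127.0.0.1:8080',             // the URL from the proof of concept
    'http://[::1]/a.png',
    'http://intranet.example.com/a.png',
    'ftp://cdn.example.com/a.png',
    'https://cdn.example.com/a.png',
] as $u) {
    printf("%-36s %s\n", $u, exmage_example_is_external_url($u, $fakeDns) ? 'allow' : 'reject');
}
```

A check like this only covers the URL as submitted: the fetch should connect to the address that was validated and re-check every redirect target. Inside WordPress, `wp_safe_remote_get()` applies a comparable check to the request itself.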
Affects Plugins
References
CVE
Classification
Type
SSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Luan Pedersini
Submitter
IBLISS Digital Security
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-03-28
Added
2022-03-28
Last Updated
2022-04-14