WordPress External Media without Imports plugin服务端请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress External Media without Imports plugin version 1.1.2 and earlier is vulnerable to server-side request forgery, which is caused by the plugin’s lack of authorization and failure to ensure that the media added via URL is external. The vulnerability is caused by the plugin not doing any authorization and failing to ensure that the media added via URL is external media, which can be exploited by attackers to perform blind server-side request forgery attacks.