3 matches found
External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery
WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...
CVE-2022-1398 External Media without Import <= 1.1.2 - Subscriber+ Blind SSRF
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks...
CVE-2022-1398
CVE-2022-1398 affects the WordPress External Media without Import plugin (versions ≤ 1.1.2). Root cause: the plugin lacks authorization and does not ensure media added via URLs are external, enabling authenticated users (e.g., subscribers) to perform blind SSRF. Impact: authenticated blind SSRF w...