WordPress IMGspider plugin <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' vulnerability

Authenticated Contributor+ Arbitrary File Upload via 'uploadimgfile' vulnerability discovered by István Márton - Wordfence in WordPress Plugin IMGspider versions = 2.3.10...

CVE-2026-22482

CVE-2026-22482 describes a Server-Side Request Forgery (SSRF) in the IMGspider WordPress plugin (IMGspider/imgspider) affecting versions up to 2.3.12. Connected sources (Red Hat, CIRCL, NVD/CVE records) confirm this as an authenticated SSRF vulnerability in IMGspider, with no public patch details...

CVE-2026-22482 WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through = 2.3.12...

WordPress plugin IMGspider has code vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Nabil Irawan in WordPress Plugin IMGspider versions = 2.3.12...

CVE-2024-6319

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitra...

CVE-2024-6318

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadimgfile' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload...

CVE-2024-6319

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitra...

EUVD-2024-47435

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitra...

CVE-2024-6319 IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload'

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitra...

CVE-2024-6319

CVE-2024-6319 (IMGspider WordPress plugin) is an authenticated arbitrary file upload vulnerability. The issue arises in the plugin’s upload function where file type validation is missing, enabling attackers with contributor-level or higher permissions to upload arbitrary files to the server. This...