2 matches found
CVE-2022-1398
CVE-2022-1398 affects the WordPress External Media without Import plugin (versions ≤ 1.1.2). Root cause: the plugin lacks authorization and does not ensure media added via URLs are external, enabling authenticated users (e.g., subscribers) to perform blind SSRF. Impact: authenticated blind SSRF w...
CVE-2017-20183
CVE-2017-20183 affects WordPress via the External Media without Import Plugin up to 1.0.0. A vulnerability in the function print_media_new_panel (external-media-without-import.php) allows cross-site scripting through manipulation of the parameters url, error, width, height, and mime-type. The att...