CVE-2022-1398
MEDIUM NUCLEI External Media Without Import < 1.1.2 - SSRF
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does not ensure that media added via URLs are external media, which could allow any authenticated user, such as a subscriber, to perform blind SSRF attacks.
Nuclei Templates (1)
External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery
MEDIUM VERIFIED by theamanrawat
Scores
CVSS v3
6.5
EPSS
0.4048
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (1)
external_media_without_import_project/external_media_without_import
< 1.1.2
Published
May 16, 2022
Tracked Since
Feb 18, 2026