CVE-2022-1398
MEDIUM NUCLEIExternal Media without Import < 1.1.2 - Authenticated Server-Side Request Forgery via URL Media Addition
Title source: llmExploitation Summary
CVE-2022-1398 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks
Nuclei Templates (1)
External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery
MEDIUMVERIFIEDby theamanrawat
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e
Scores
CVSS v3
6.5
EPSS
0.0288
EPSS Percentile
85.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (1)
external_media_without_import_project/external_media_without_import
< 1.1.2
Published
May 16, 2022
Tracked Since
Feb 18, 2026