Security Advisory

CVE-2022-1398

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-16 14:30:53

Last updated 2024-08-03 00:03:06

Assigner WPScan

State PUBLISHED

Description

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks

← Browse all CVEs View on cve.org ↗