QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-1398

Back to search

CVE-2022-1398

Published: May 16, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks

VendorProductVersions

Unknown

External Media without Import

affected
1.1.2 - <= 1.1.2

Weaknesses (CWE)

CWE-918

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now