QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1977

Published: Jun 27, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks

Vendor	Product	Versions
Unknown	Import Export All WordPress Images, Users & Post Types	affected `6.5.3 - < 6.5.3`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/1b640519-75e1-48cb-944e-b9bff9de6d3d

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.