CVE-2022-1398

CVE-2022-1398: External Media without Import <= 1.1.2 - Subscriber+ Blind SSRF

Vendor Unknown
Product External Media without Import
Weakness CWE-918 · SSRF
Published May 16, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks

Key dates

02Disclosure timeline

May 16, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-11361 Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery CVE-2026-4200 glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery CVE-2026-40100 FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default CVE-2026-45400 Open WebUI: Server-Side Request Forgery (SSRF) bypass in `validate_url` CVE-2025-46511 WordPress BeerXML Shortcode plugin <= 0.7.1 - Server Side Request Forgery (SSRF) Vulnerability