| |
Vulnerability CVE-2022-1398
Published: 2022-05-16
| Description: |
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks |
Type:
CWE-918
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4/10 |
2.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://wpscan.com/vulnerability/5440d177-e995-403e-b2c9-42ceda14579e
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
