EXMAGE <= 1.0.6 is vulnerable to Blind Server-Side Request Forgery (SSRF) vulnerability

Administrator

Published
2022-03-27

The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs

CVE

https://www.cve.org/CVERecord?id=CVE-2022-1037

CVSS

Score:5.4

Severity:Medium

Version: 1.0.6

There is a patch available in v1.0.7 and we strongly recommend you update to this version as soon as possible.