CVE-2022-1977

EUVD-2022-25245
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
smackcodersimport_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv
𝑥
< 6.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/1b640519-75e1-48cb-944e-b9bff9de6d3d
https://wpscan.com/vulnerability/1b640519-75e1-48cb-944e-b9bff9de6d3d