CVE-2026-22482
MEDIUMSeverity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12.
AnalysisAI
IMGspider WordPress plugin has a Server-Side Request Forgery vulnerability enabling attackers to make the server perform requests to internal network resources.
Technical ContextAI
The IMGspider plugin by wbolt.com has a CWE-918 SSRF vulnerability that allows attackers to make the WordPress server send HTTP requests to arbitrary internal and external destinations.
Affected ProductsAI
wbolt.com IMGspider WordPress plugin
RemediationAI
Update the plugin. Implement URL validation with internal IP blocking.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today