Skip to main content

Instant Image Generator CVE-2026-57413

| EUVDEUVD-2026-43485 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-13 Patchstack
6.4
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
6.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
vuln.today AI
6.4 MEDIUM

Network-reachable, low complexity, but PR:L required as some WordPress authentication is needed; S:C reflects SSRF reaching systems beyond the vulnerable plugin.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 13, 2026 - 11:24 vuln.today

DescriptionCVE.org

Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through <= 2.1.4.

AnalysisAI

Server-Side Request Forgery in bdthemes Instant Image Generator (WordPress plugin ai-image) through version 2.1.4 allows low-privileged authenticated users to coerce the WordPress server into issuing HTTP requests to arbitrary destinations. The scope-changed CVSS vector (S:C) confirms the server can be directed at internal infrastructure beyond the WordPress installation itself, enabling internal network probing or cloud metadata endpoint access. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged WordPress account
Delivery
Identify image generation endpoint accepting URL input
Exploit
Submit crafted request with internal target URL
Execution
Server issues SSRF request to internal host
Impact
Retrieve response data (cloud metadata, internal API keys, or network topology)

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated WordPress session with at least low-privilege access (PR:L per CVSS vector) - any registered user role capable of accessing the plugin's image generation feature is sufficient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 6.4 (Medium) reflects network reachability (AV:N), low complexity (AC:L), and low privilege requirement (PR:L), with no user interaction needed (UI:N) and a scope change (S:C) indicating lateral reach into backend systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with any authenticated WordPress account (e.g., subscriber) submits a crafted image generation request with a URL pointing to the EC2 instance metadata endpoint (http://169.254.169.254/latest/meta-data/iam/security-credentials/) or an internal service. The server-side PHP code fetches the target URL and may return or log the response, exposing cloud credentials or internal service data to the attacker. …
Remediation Update the Instant Image Generator plugin beyond version 2.1.4; consult the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/ai-image/vulnerability/wordpress-instant-image-generator-plugin-2-1-4-server-side-request-forgery-ssrf-vulnerability for the confirmed patched release version, which is not independently verified from available input data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57413 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy