Skip to main content

Getty Images

1 CVEs product

Monthly

CVE-2026-39630 MEDIUM This Month

Server-Side Request Forgery (SSRF) in Getty Images WordPress plugin through version 4.1.0 allows authenticated attackers to make arbitrary HTTP requests from the server, potentially accessing internal services or metadata endpoints. The vulnerability requires valid WordPress user credentials and affects the plugin across all versions up to 4.1.0. This has a moderate real-world risk profile with low EPSS exploitation probability (0.02%) despite moderate CVSS impact, suggesting limited practical weaponization despite theoretical exploitability.

SSRF Getty Images
NVD
CVSS 3.1
6.4
EPSS
0.0%
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) in Getty Images WordPress plugin through version 4.1.0 allows authenticated attackers to make arbitrary HTTP requests from the server, potentially accessing internal services or metadata endpoints. The vulnerability requires valid WordPress user credentials and affects the plugin across all versions up to 4.1.0. This has a moderate real-world risk profile with low EPSS exploitation probability (0.02%) despite moderate CVSS impact, suggesting limited practical weaponization despite theoretical exploitability.

SSRF Getty Images
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy