Getty Images
Monthly
Server-Side Request Forgery (SSRF) in Getty Images WordPress plugin through version 4.1.0 allows authenticated attackers to make arbitrary HTTP requests from the server, potentially accessing internal services or metadata endpoints. The vulnerability requires valid WordPress user credentials and affects the plugin across all versions up to 4.1.0. This has a moderate real-world risk profile with low EPSS exploitation probability (0.02%) despite moderate CVSS impact, suggesting limited practical weaponization despite theoretical exploitability.
Server-Side Request Forgery (SSRF) in Getty Images WordPress plugin through version 4.1.0 allows authenticated attackers to make arbitrary HTTP requests from the server, potentially accessing internal services or metadata endpoints. The vulnerability requires valid WordPress user credentials and affects the plugin across all versions up to 4.1.0. This has a moderate real-world risk profile with low EPSS exploitation probability (0.02%) despite moderate CVSS impact, suggesting limited practical weaponization despite theoretical exploitability.