Instant Image Generator
Monthly
Server-Side Request Forgery in bdthemes Instant Image Generator (WordPress plugin ai-image) through version 2.1.4 allows low-privileged authenticated users to coerce the WordPress server into issuing HTTP requests to arbitrary destinations. The scope-changed CVSS vector (S:C) confirms the server can be directed at internal infrastructure beyond the WordPress installation itself, enabling internal network probing or cloud metadata endpoint access. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Server-Side Request Forgery in bdthemes Instant Image Generator (WordPress plugin ai-image) through version 2.1.4 allows low-privileged authenticated users to coerce the WordPress server into issuing HTTP requests to arbitrary destinations. The scope-changed CVSS vector (S:C) confirms the server can be directed at internal infrastructure beyond the WordPress installation itself, enabling internal network probing or cloud metadata endpoint access. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.