Skip to main content

Instant Image Generator

1 CVEs product

Monthly

CVE-2026-57413 MEDIUM This Month

Server-Side Request Forgery in bdthemes Instant Image Generator (WordPress plugin ai-image) through version 2.1.4 allows low-privileged authenticated users to coerce the WordPress server into issuing HTTP requests to arbitrary destinations. The scope-changed CVSS vector (S:C) confirms the server can be directed at internal infrastructure beyond the WordPress installation itself, enabling internal network probing or cloud metadata endpoint access. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

SSRF Instant Image Generator
NVD
CVSS 3.1
6.4
EPSS
0.2%
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery in bdthemes Instant Image Generator (WordPress plugin ai-image) through version 2.1.4 allows low-privileged authenticated users to coerce the WordPress server into issuing HTTP requests to arbitrary destinations. The scope-changed CVSS vector (S:C) confirms the server can be directed at internal infrastructure beyond the WordPress installation itself, enabling internal network probing or cloud metadata endpoint access. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

SSRF Instant Image Generator
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy