{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22482", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T13:44:16.751Z", "datePublished": "2026-01-22T16:52:41.909Z", "dateUpdated": "2026-04-28T17:19:18.930Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "imgspider", "product": "IMGspider", "vendor": "wbolt.com", "versions": [{"lessThanOrEqual": "2.3.12", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:21:01.123Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.<p>This issue affects IMGspider: from n/a through <= 2.3.12.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12."}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "Server Side Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:45.522Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/imgspider/vulnerability/wordpress-imgspider-plugin-2-3-12-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "title": "WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T16:49:16.398289Z", "id": "CVE-2026-22482", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T17:19:18.930Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22482", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T13:44:16.751Z", "datePublished": "2026-01-22T16:52:41.909Z", "dateUpdated": "2026-04-28T17:19:18.930Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "imgspider", "product": "IMGspider", "vendor": "wbolt.com", "versions": [{"lessThanOrEqual": "2.3.12", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:21:01.123Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.<p>This issue affects IMGspider: from n/a through <= 2.3.12.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12."}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "Server Side Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:45.522Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/imgspider/vulnerability/wordpress-imgspider-plugin-2-3-12-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "title": "WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22482", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-23T16:49:16.398289Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T16:49:18.835Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) en wbolt.com IMGspider imgspider permite la falsificaci\u00f3n de petici\u00f3n del lado del servidor. Este problema afecta a IMGspider: desde n/a hasta &lt;= 2.3.12."}], "id": "CVE-2026-22482", "lastModified": "2026-04-28T19:36:40.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-22T17:16:36.140", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/imgspider/vulnerability/wordpress-imgspider-plugin-2-3-12-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T18:02:47.698021+00:00", "value": {"mitigation_remediation": ["Upgrade the IMGspider plugin to a version newer than 2.3.12.", "If a newer release is not available, temporarily deactivate or uninstall the plugin to eliminate the vulnerable functionality.", "Restrict outbound HTTP/HTTPS traffic from the WordPress site using firewall rules or network segmentation to limit potential misuse of the flaw."], "summary": {"action": "Apply Patch", "impact": "Server Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The flaw affects the IMGspider plugin from wbolt.com, all releases from the earliest version through version 2.3.12. Any WordPress installation that has a vulnerable instance of this plugin is at risk.", "description_and_impact": "The IMGspider plugin for WordPress contains a server\u2011side request forgery flaw that permits an attacker to cause the web server to issue requests to arbitrary URLs. The description notes this vulnerability, but does not detail the exact mechanisms or resulting impacts beyond the SSRF indicator. Based on typical SSRF behavior, the attacker could influence outbound traffic, though the specific consequences are not enumerated in the data.", "risk_and_exploitability": "The CVSS base score of 4.9 indicates a moderate severity vulnerability. The EPSS score indicates the exploitation probability is below 1%. The CVE data does not mention public exploits, so it is unclear whether any exist, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector involves a remote actor sending a specially crafted request to the plugin's endpoint, which then performs an HTTP/HTTPS request to whatever URL the attacker controls. This inference comes from the typical nature of SSRF defects."}}}}, "created": "2026-01-23T16:27:37.238108+00:00", "updated": "2026-04-28T18:15:37.353673+00:00", "vendors": ["wbolt", "wbolt$PRODUCT$imgspider", "wordpress", "wordpress$PRODUCT$wordpress"]}