CVE-2026-1294
BaseFortify
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability involves an unauthenticated Server-Side Request Forgery (SSRF) via the REST API endpoint `/bpivb/v1/image-proxy` in the WordPress All In One Image Viewer Block plugin versions up to 1.0.2.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts on your network or system, you can monitor HTTP requests targeting the vulnerable REST API endpoint, especially GET requests containing a `url` parameter.'}, {'type': 'list_item', 'content': 'Use web server access logs to search for requests to `/wp-json/bpivb/v1/image-proxy` or `/bpivb/v1/image-proxy` endpoints.'}, {'type': 'list_item', 'content': "Example command to search Apache or Nginx logs for suspicious requests: `grep '/bpivb/v1/image-proxy' /var/log/apache2/access.log`"}, {'type': 'list_item', 'content': 'Look for unusual or unexpected URLs in the `url` parameter that may indicate SSRF attempts.'}, {'type': 'list_item', 'content': 'Use network monitoring tools or Intrusion Detection Systems (IDS) to alert on outbound HTTP requests originating from the web server to internal or unexpected external IP addresses.'}] [1, 3]
Can you explain this vulnerability to me?
The vulnerability in the All In One Image Viewer Block plugin for WordPress (up to version 1.0.2) is a Server-Side Request Forgery (SSRF) issue. It arises because the image-proxy REST API endpoint does not properly validate URLs or enforce authorization, allowing unauthenticated attackers to make web requests to arbitrary locations from the web application.
This means attackers can use the plugin's image proxy feature to query or modify information on internal services that are normally inaccessible from outside the network.
How can this vulnerability impact me? :
This vulnerability can allow attackers to perform unauthorized requests from the server hosting the WordPress site to internal or external systems. This can lead to information disclosure or manipulation of internal services that are not intended to be publicly accessible.
Because the attacker does not need to be authenticated, they can exploit this vulnerability remotely, potentially gaining access to sensitive data or causing unintended interactions with internal resources.
The CVSS score of 7.2 indicates a high severity, reflecting the ease of exploitation and the potential impact on confidentiality and integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to update the All In One Image Viewer Block plugin to version 1.0.3 or later, where the vulnerability is patched.
The patch introduces strict URL validation, restricts allowed URL schemes to http and https, and enforces a permission check requiring the user to have the `upload_files` capability before accessing the image proxy endpoint.
- Immediately update the plugin to version 1.0.3 or newer.
- If updating is not immediately possible, restrict access to the REST API endpoint `/bpivb/v1/image-proxy` by limiting access to authenticated users with appropriate permissions.
- Implement firewall or web application firewall (WAF) rules to block or monitor suspicious requests to the vulnerable endpoint.
- Review and monitor logs for any signs of exploitation attempts.