All In One Image Viewer Block Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the All In One Image Viewer Block plugin for WordPress, affecting all versions through 1.0.2. The vulnerability arises from inadequate authorization and URL validation on the image-proxy REST API endpoint. This flaw allows unauthenticated attackers to send web requests to arbitrary locations via the web application, potentially accessing and modifying information from internal services.

Impact

Exploitation of this vulnerability allows for unauthorized web requests to be made from the WordPress application to external or internal services, which could be used to access or manipulate sensitive information or resources.

Remediation

Users are advised to update the All In One Image Viewer Block plugin to version 1.0.3 or a newer patched version.
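
For developers maintaining a similar proxy endpoint, the two root causes named above (missing authorization and missing URL validation) map to existing WordPress core controls. The following is an added example, not the plugin's code or its 1.0.3 patch; the namespace `example-proxy/v1`, the `/image` route, the `url` parameter, the function name and the choice of the `upload_files` capability are assumptions made for illustration.

```php
<?php
// Added illustration: a hardened image-proxy REST route. The namespace, route,
// parameter name and capability are hypothetical, not taken from the plugin.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-proxy/v1', '/image', array(
        'methods'             => 'GET',
        // Authorization: only logged-in users who may upload media can call the proxy.
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
        'args'                => array(
            'url' => array(
                'required'          => true,
                // wp_http_validate_url() rejects non-http(s) schemes, embedded
                // credentials, hosts resolving to loopback or RFC 1918 IPv4
                // addresses, and ports other than 80/443/8080.
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && false !== wp_http_validate_url( $value );
                },
            ),
        ),
        'callback'            => 'example_proxy_fetch_image',
    ) );
} );

function example_proxy_fetch_image( WP_REST_Request $request ) {
    // wp_safe_remote_get() enables reject_unsafe_urls, so the target and each
    // redirect hop are validated again at request time.
    $response = wp_safe_remote_get( $request['url'], array(
        'timeout'             => 5,
        'redirection'         => 2,
        'limit_response_size' => 5 * MB_IN_BYTES,
    ) );
    if ( is_wp_error( $response ) ) {
        return new WP_Error( 'proxy_fetch_failed', 'Upstream request was rejected or failed.', array( 'status' => 502 ) );
    }
    // Only relay responses that declare an image content type.
    $type = wp_remote_retrieve_header( $response, 'content-type' );
    if ( 200 !== wp_remote_retrieve_response_code( $response ) || ! is_string( $type ) || 0 !== strpos( $type, 'image/' ) ) {
        return new WP_Error( 'proxy_not_image', 'Upstream response is not an image.', array( 'status' => 415 ) );
    }
    return rest_ensure_response( array(
        'content_type' => $type,
        'data'         => base64_encode( wp_remote_retrieve_body( $response ) ),
    ) );
}
```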

Added: Feb 5, 2026, 10:20 AM
Updated: Feb 5, 2026, 3:12 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         0.6
exploitability: 7.5
remediation:    0.0
relevance:      2.5
threat:         3.2
urgency:        2.9
incentive:      4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.