CVE Catalog

CVE-2026-4328

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 1.4.6. The issue arises from the lack of validation of the user-supplied URL in the demo_download_and_unzip() function, allowing requests to be sent to internal network resources.

Risk Assessment

Authenticated attackers with appropriate permissions can exploit this vulnerability to send requests to arbitrary locations, potentially leading to the exposure of data from internal services, including cloud instance metadata.

Recommendation

It is recommended to update the Advanced Import plugin to the latest version to mitigate this vulnerability. Additionally, conducting a security audit to identify and minimize SSRF-related risks is advisable.

Original NVD description (English source)

The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wp_remote_get() to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in the demo_download_and_unzip() function. The 'demo_file' parameter from $_POST is passed through sanitize_text_field() (which only handles XSS-related sanitization) and then directly into wp_remote_get() when 'demo_file_type' is set to 'url'. Notably, the plugin uses wp_safe_remote_get() in other locations (theme template libraries) which would provide SSRF protection, but fails to use it in this critical AJAX handler. This makes it possible for authenticated attackers, with Author-level access and above (upload_files capability), to make web requests to arbitrary locations originating from the web application, which can be used to query and view data from internal services, including cloud instance metadata endpoints.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS