Among its “AI image” helpers, the plugin offers a server-side fetch that retrieves a remote image and drops it into the Media Library. During testing we identified CVE-2025-11361, an authenticated Server-Side Request Forgery (SSRF) flaw that any Author+ user (i.e., anyone with upload_files) can trigger. By calling the AJAX action save_ai_generated_image with a valid admin_nonce, an attacker supplies an arbitrary image_url; the server then performs a backend wp_remote_get() without host allow-listing or private/loopback blocking, and unconditionally writes the entire HTTP response body to a file in wp-content/uploads/ (falling back to a “.png” extension when the type is unrecognized). Because the body is stored verbatim, the attacker can later download that media item to exfiltrate internal responses (JSON/HTML/etc.), turning SSRF into a reliable data-exfiltration primitive against 127.0.0.1, RFC1918 ranges, or cloud metadata services.

CVE: CVE-2025-11361
Plugin Version: Essential Blocks <= 5.7.1
Critical: High
All Time: 7 212 700
Active installations: 200 000+
Publicly Published: October 9, 2025
Last Updated: October 9, 2025
Researcher: Dmitrii Ignatyev
PoC: Yes
Exploit: No
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11361
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/essential-blocks/essential-blocks-571-authenticated-author-server-side-request-forgery

Timeline

October 1, 2025: Plugin testing and vulnerability detection in the WP Go Maps (formerly WP Google Maps) have been completed
October 1, 2025: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
October 17, 2025: Registered CVE-2025-11361

Discovery of the Vulnerability

A review of the AJAX handler showed the following anti-patterns in combination: (1) the action save_ai_generated_image accepts an arbitrary image_url; (2) the server performs wp_remote_get() without any permission checks on the destination (no denylist of 127/8, 10/8, 172.16/12, 192.168/16, link-local, or instance metadata endpoints such as 169.254.169.254); (3) when the Content-Type header is absent or unknown, the code still persists the body to the Media Library and assigns a .png extension; and (4) there is no validation that the payload is a real image (no magic-byte sniffing or GD/Imagick decode test). Since Authors routinely obtain the required admin_nonce from the admin UI where the feature is exposed, exploitation requires only the standard Author role and a single POST to admin-ajax.php.

Understanding SSRF attacks

SSRF occurs when a server accepts a user-supplied URL and fetches it from the backend. In the WordPress ecosystem this often surfaces in “importer,” “AI,” “scraper,” or “social preview” utilities. When host allow-lists and private-range blocking are missing, attackers can pivot through the WordPress host to reach otherwise internal resources: admin panels on localhost, services on container/cluster subnets, and cloud IMDS endpoints delivering temporary credentials. The impact escalates when the application returns or stores the upstream response, which is exactly what happens here: Essential Blocks writes the entire body into the Media Library, giving the attacker a stable, authenticated download path to sensitive data. Similar patterns have appeared across multiple popular plugins in recent years and routinely grade as High severity due to the realistic path to credential theft and environment mapping.

Exploiting the Missing Auth Vulnerability

To exploit CVE-2025-11361, an attacker with Author+ cookies:

POC:

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://127.0.0.1/wordpress/wp-admin/plugin-install.php?tab=popular&paged=8
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 93
Origin: http://127.0.0.1
Connection: keep-alive
Cookie: Author+ cookies
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

action=save_ai_generated_image&admin_nonce=nonce_from_profile.php&prompt=x&image_url=http://127.0.0.1:443


Cloud credential theft: Access to IMDS (e.g., AWS/GCP/Azure metadata) can expose temporary credentials and lead to cloud-account compromise well beyond WordPress.

Internal service reconnaissance: Responses from admin dashboards, service registries, or sidecar APIs reveal internal topology, versions, and secrets, enabling lateral movement or targeted RCE.

Policy evasion and smuggling: Since non-image responses are saved with a “.png” extension and no validation, the upload store becomes a blind data bucket, aiding content smuggling or chained attacks.

Persistent artifacts: Every probe creates a media file under uploads/, leaving sensitive data at a predictable URL until cleanup, increasing the window for further leakage or accidental exposure by editors.

Recommendations for Improved Security

For the plugin vendor (Essential Blocks):

  1. Enforce destination policies: Deny loopback (127.0.0.0/8, ::1), RFC1918 ranges, link-local, and metadata endpoints (e.g., 169.254.169.254, fd00::/8). Consider a default-deny allow-list for approved public hosts.
  2. Validate content as image: Require successful magic-byte checks and decode via GD/Imagick; reject responses that are not a legitimate image type and size.
  3. Do not persist untrusted bytes: If validation fails, do not write the body to disk or the Media Library; return an error.
  4. Size/time limits & redirects: Cap response size and hop counts; block redirects to private addresses; set sane connect/read timeouts.
  5. Nonce & role scoping: Keep the action restricted to upload_files as today, but pair it with purpose-built nonces scoped per action and session; avoid exposing nonces widely in the admin UI.
  6. Logging & telemetry: Log the requested URL, result, and caller (user ID, IP) for incident response; add admin notices for repeated failures from suspicious hosts.
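The four anti-patterns listed under “Discovery of the Vulnerability” map directly onto vendor recommendations 1 to 4. The following is an added example, not Essential Blocks’ own code, of what the fetch step looks like with those controls in place; the eb_* function names, the 5 MB cap and the 5-second timeout are this example’s choices, while the WordPress and PHP functions it calls are real APIs.

```php
<?php
// Added example, not Essential Blocks' own code: a hardened replacement for the "fetch image_url,
// then save" step. The eb_* names and limits are this example's choices; the WP/PHP APIs are real.

/** Deny loopback, RFC1918, link-local, IMDS (169.254.169.254) and their IPv6 equivalents. */
function eb_ip_is_denied( string $ip ): bool {
    // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7.
    // NO_RES_RANGE: 0/8, 127/8, 169.254/16, 240/4, ::1, ::, ::ffff:0:0/96, fe80::/10.
    return false === filter_var( $ip, FILTER_VALIDATE_IP,
                                 FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE );
}

/** Resolve every A/AAAA answer so a DNS name that points at 169.254.169.254 is caught too. */
function eb_resolve_host( string $host ): array {
    $host = trim( $host, '[]' );                  // wp_parse_url keeps [] on IPv6 literals
    if ( filter_var( $host, FILTER_VALIDATE_IP ) ) return [ $host ];
    $ips = [];
    foreach ( (array) @dns_get_record( $host, DNS_A + DNS_AAAA ) as $rr ) {
        $ips[] = $rr['ip'] ?? $rr['ipv6'] ?? '';
    }
    return array_values( array_filter( $ips ) );
}

/** Returns [body, ext, mime] for a verified image, or WP_Error; never stores unvalidated bytes. */
function eb_fetch_remote_image( string $url ) {
    $p = wp_parse_url( $url );
    if ( empty( $p['host'] ) || ! in_array( $p['scheme'] ?? '', [ 'http', 'https' ], true ) ) {
        return new WP_Error( 'eb_bad_url', 'Only http(s) URLs with a host are accepted.' );
    }
    $ips = eb_resolve_host( $p['host'] );
    if ( ! $ips || array_filter( $ips, 'eb_ip_is_denied' ) ) {
        return new WP_Error( 'eb_denied', 'Destination host is not allowed.' );
    }
    // No redirects (a 3xx to a private address would sidestep the check), hard size/time caps.
    $resp = wp_safe_remote_get( $url, [ 'redirection' => 0, 'timeout' => 5,
                                        'limit_response_size' => 5 * MB_IN_BYTES ] );
    if ( is_wp_error( $resp ) ) return $resp;
    if ( 200 !== (int) wp_remote_retrieve_response_code( $resp ) ) {
        return new WP_Error( 'eb_status', 'Upstream did not return HTTP 200.' );
    }
    $body = wp_remote_retrieve_body( $resp );
    // Trust content, not Content-Type: magic bytes via finfo plus a real decode attempt.
    $mime = ( new finfo( FILEINFO_MIME_TYPE ) )->buffer( $body );
    $ok   = [ 'image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/webp' => 'webp' ];
    if ( ! isset( $ok[ $mime ] ) || false === @getimagesizefromstring( $body ) ) {
        return new WP_Error( 'eb_not_image', 'Body is not a supported image; nothing was stored.' );
    }
    return [ 'body' => $body, 'ext' => $ok[ $mime ], 'mime' => $mime ];
}
```

wp_safe_remote_get already runs wp_http_validate_url, which rejects loopback and private IPv4 destinations, but neither it nor the explicit check above closes the DNS-rebinding window between eb_resolve_host and the actual connection; pinning the resolved IP at the transport layer or routing egress through an allow-listing proxy is the complete fix.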

For site owners / defenders:

  • Update immediately once a patched release ships; audit Media Library for suspicious “.png” entries created around unusual times and remove any non-image blobs.
  • Harden egress: If possible, block outbound HTTP(S) from PHP except to vetted domains (host firewalls, container egress rules, or a proxy with allow-lists).
  • Cloud IMDS protections: On AWS use IMDSv2 and restrict from the web tier; apply equivalent hardening on other clouds.
  • Secrets rotation: If IMDS or internal endpoints may have been reached, rotate credentials (cloud, API tokens) and review logs for access anomalies.
  • WAF / plugin policy: Add WAF rules that block admin-ajax.php requests with action=save_ai_generated_image from untrusted origins or rate-limit aggressively.
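For the Media Library audit in the first bullet, the following is an added example (not part of the advisory or the plugin) of a WP-CLI script that lists recent attachments whose file name ends in .png but whose bytes do not start with the PNG signature, which is exactly what an exfiltrated JSON or HTML body saved with the “.png” fallback looks like on disk; the script name, the 30-day look-back and the eb_ prefix are assumptions.

```php
<?php
// Added example, not from the advisory or the plugin: a WP-CLI audit for the "suspicious .png
// entries" check above. Run as: wp eval-file eb-audit-png.php   (file name is an assumption).
// It flags attachments whose file name ends in .png but whose bytes are not a PNG at all.

const EB_PNG_MAGIC = "\x89PNG\r\n\x1a\n";

/** Returns null for a genuine PNG, otherwise a short printable preview of the first bytes. */
function eb_png_mismatch( string $path ): ?string {
    $fh = @fopen( $path, 'rb' );
    if ( ! $fh ) return 'unreadable';
    $head = (string) fread( $fh, 64 );
    fclose( $fh );
    if ( 0 === strncmp( $head, EB_PNG_MAGIC, 8 ) ) return null;
    // JSON/HTML/plain-text bodies (the exfiltration case) are easy to spot from the preview.
    return preg_replace( '/[^[:print:]]/', '.', substr( $head, 0, 40 ) );
}

$since = gmdate( 'Y-m-d H:i:s', time() - 30 * DAY_IN_SECONDS );   // look-back window: 30 days (assumption)
$query = new WP_Query( [
    'post_type'      => 'attachment',
    'post_status'    => 'inherit',
    'posts_per_page' => -1,
    'fields'         => 'ids',
    'date_query'     => [ [ 'after' => $since, 'column' => 'post_date_gmt' ] ],
    'meta_query'     => [ [ 'key' => '_wp_attached_file', 'value' => '.png', 'compare' => 'LIKE' ] ],
] );

$suspects = 0;
foreach ( $query->posts as $id ) {
    $path = get_attached_file( $id );
    $why  = $path ? eb_png_mismatch( $path ) : 'no file';
    if ( null === $why ) continue;
    $suspects++;
    $user = get_userdata( (int) get_post_field( 'post_author', $id ) );
    WP_CLI::log( sprintf( 'SUSPECT id=%d uploaded=%s by=%s file=%s head=%s',
        $id, get_post_field( 'post_date_gmt', $id ), $user ? $user->user_login : '?', $path, $why ) );
}
WP_CLI::log( "Checked {$query->post_count} .png attachments, {$suspects} suspect." );
```

Review each suspect before deleting: a genuine image of another format that was merely mislabelled .png is listed too, and the uploader and timestamp are what tie a blob back to the SSRF calls in the access logs.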

By taking proactive measures to address Missing Auth vulnerabilities like CVE-2025-11361, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.


Dmitrii I.
CVE-2025-11361 – Essential Blocks – Server-Side Request Forgery (SSRF) with Response Exfiltration via save_ai_generated_image (Author+) – POC
