Vulnerabilities and security researches forauto-save-remote-images-drafts auto-save-remote-images-drafts

Sep 10, 2025

CVE, Research URL: CVE-2025-7843
Home page URL: Security reports for Auto Save Remote Images (Drafts)
Application: Auto Save Remote Images (Drafts)
Date: Sep 10, 2025
Research Description: The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the fetch_images() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions: Min -, max -.
Status: vulnerable