CVE-2026-1294 | All In One Image Viewer Block Plugin up to 1.0.2 on WordPress REST API Endpoint server-side request forgery

Inserito da Angelo Barbosa | Feb 5, 2026 | CVE

A vulnerability labeled as critical has been found in All In One Image Viewer Block Plugin up to 1.0.2 on WordPress. This issue affects some unknown processing of the component REST API Endpoint. Such manipulation leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-1294. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-1294 | All In One Image Viewer Block Plugin up to 1.0.2 on WordPress REST API Endpoint server-side request forgery

Post correlati

CVE-2024-36656 | MintHCM 4.0.3 cross site scripting

CVE-2024-55513 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 3.90 Web Interface /upload_netaction.php form name unrestricted upload

CVE-2024-27982 | Node.js up to 18.20.0/20.12.0/21.7.2 Header Content-Length request smuggling

CVE-2024-45836 | PLANEX CS-QR10/CS-QR20/CS-QR22/CS-QR220/CS-QR300 Web Management Page cross site scripting