What happened
The Instant Image Generator WordPress plugin (<=2.1.4) contains an SSRF vulnerability (CVSS 6.4).
Why it matters
Narrow blast radius limited to sites using this specific AI image-generation plugin, but SSRF could be used to probe internal networks or reach cloud metadata endpoints from the hosting server.
Attack vector
Server-side request forgery in the AI image generation plugin allows an attacker to make the server issue requests to arbitrary/internal destinations.
Affected systems
bdthemes Instant Image Generator (ai-image), through <= 2.1.4
Mitigation
Update beyond 2.1.4 per Patchstack advisory.