Vulnerability  ·  2026-07-14

Instant Image Generator WordPress Plugin — SSRF

VulnerabilityMedium impactGlobalCVE-2026-57413
The Instant Image Generator WordPress plugin (<=2.1.4) contains an SSRF vulnerability (CVSS 6.4).
Narrow blast radius limited to sites using this specific AI image-generation plugin, but SSRF could be used to probe internal networks or reach cloud metadata endpoints from the hosting server.
Server-side request forgery in the AI image generation plugin allows an attacker to make the server issue requests to arbitrary/internal destinations.
bdthemes Instant Image Generator (ai-image), through <= 2.1.4
Update beyond 2.1.4 per Patchstack advisory.
Patchstack - Instant Image Generator SSRF
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →