CVE-2022-1765

8.8 HIGH

📋 TL;DR

The Hot Linked Image Cacher WordPress plugin through version 1.16 is vulnerable to Cross-Site Request Forgery (CSRF). This allows attackers to trick authenticated administrators into caching images from external domains on the server without their consent. WordPress site administrators using vulnerable plugin versions are affected.

💻 Affected Systems

Products:
  • Hot Linked Image Cacher WordPress plugin
Versions: All versions through 1.16
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated administrator to be tricked into performing the action.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could cache copyrighted or malicious images on the server, leading to legal liability, copyright infringement claims, or hosting of inappropriate content without the site owner's knowledge.

🟠 Likely Case

Unauthorized caching of external images, potentially violating copyright laws and consuming server storage resources.

🟢 If Mitigated

With proper CSRF protections, only legitimate administrators can cache images, and only with explicit consent.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an authenticated administrator into clicking a malicious link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.17 or later

Vendor Advisory: https://wpscan.com/vulnerability/b50e7622-c1dc-485b-a5f5-b010b40eef20

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Hot Linked Image Cacher'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.17+ from the WordPress repository and replace the plugin files.

🔧 Temporary Workarounds

Disable Plugin (applies to: all)

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate hot-linked-image-cacher

Implement CSRF Protection (applies to: all)

Add CSRF tokens (WordPress nonces) to the plugin's forms and AJAX handlers if custom patching is possible.
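The following is an added illustration of that workaround, not the plugin's own code: it shows the CSRF-prone handler shape beside a hardened one that uses a WordPress nonce and a capability check. The function names, the nonce action 'hlic_cache_image', the 'image_url' field and the 'manage_options' capability are assumptions; only the 'cache_external_image' action name comes from the page.

```php
<?php
// Added illustration, not code from the Hot Linked Image Cacher plugin.
// Function names, the nonce action and the field names are assumptions.

// BEFORE (CSRF-prone pattern): the handler trusts any request that arrives
// with a logged-in administrator's cookies, so a cross-site form post that the
// admin is tricked into submitting is accepted just like a legitimate one.
function hlic_cache_external_image_unsafe() {
    $url = isset( $_POST['image_url'] ) ? wp_unslash( $_POST['image_url'] ) : '';
    media_sideload_image( $url, 0, null, 'id' ); // fetches and stores the image
    wp_send_json_success();
}

// AFTER (hardened): the nonce ties the request to a form the admin actually
// loaded, and the capability check confirms the caller may cache images.
function hlic_cache_external_image_safe() {
    // Dies with HTTP 403 if the 'nonce' field is missing or does not verify.
    check_ajax_referer( 'hlic_cache_image', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    $url = isset( $_POST['image_url'] ) ? esc_url_raw( wp_unslash( $_POST['image_url'] ) ) : '';
    if ( '' === $url || ! wp_http_validate_url( $url ) ) {
        wp_send_json_error( array( 'message' => 'invalid image url' ), 400 );
    }

    $attachment_id = media_sideload_image( $url, 0, null, 'id' );
    if ( is_wp_error( $attachment_id ) ) {
        wp_send_json_error( array( 'message' => $attachment_id->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'attachment_id' => $attachment_id ) );
}
add_action( 'wp_ajax_cache_external_image', 'hlic_cache_external_image_safe' );

// The admin-side form must carry the matching nonce; without it the hardened
// handler rejects the submission, which is exactly what stops a forged request.
function hlic_render_cache_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>">
        <input type="hidden" name="action" value="cache_external_image">
        <?php wp_nonce_field( 'hlic_cache_image', 'nonce' ); ?>
        <input type="url" name="image_url">
        <button type="submit">Cache image</button>
    </form>
    <?php
}
```

In the admin-ajax context the media helpers are already loaded, so media_sideload_image() is available without extra includes.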

🧯 If You Can't Patch

  • Remove the plugin entirely if updating is not possible.
  • Implement web application firewall rules to block CSRF attempts targeting the plugin endpoints.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for 'Hot Linked Image Cacher' version 1.16 or lower.

Check Version:

wp plugin get hot-linked-image-cacher --field=version

Verify Fix Applied:

Verify plugin version is 1.17 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with action=cache_external_image
  • Multiple image cache requests from single IP in short time

Network Indicators:

  • HTTP requests with external image URLs being sent to plugin endpoints

SIEM Query:

source="wordpress.log" AND "cache_external_image" AND status=200
