This PoC describes how to exploit SSRF in EXMAGE - WordPress Image Links version 1.0.3.
CVE-2022-1037 | EXMAGE <= 1.0.4 - Admin+ Blind SSRF
The EXMAGE plugin - WordPress Image Links version 1.0.3 does not have protections against SSRF, so it is possible to forge requests to internal services and enumerate web servers that are not directly exposed, if you know the path of an image.
Let's say there is a web service that is running locally.
When we try to access the service directly, we are not successful.
Then, we can enumerate this service through the SSRF present in the EXMAGE plugin - WordPress Image Links.
With this, we were able to enumerate web servers by forging requests.
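The kind of server-side check whose absence is described above, as an added example (not the plugin's code and not its actual fix): plain PHP that refuses image URLs pointing at loopback, private or reserved addresses before any request is made. The function names and the sample URLs are constructed for illustration.

```php
<?php
// Added example (not EXMAGE code); function names are hypothetical.
function is_public_ip(string $ip): bool
{
    // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16; NO_RES_RANGE: 127/8, 169.254/16, ::1
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

function check_image_url(string $url): array
{
    $p = parse_url($url);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return [false, 'missing scheme or host'];
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return [false, 'scheme not allowed'];
    }
    $host = trim($p['host'], '[]'); // parse_url keeps the IPv6 brackets
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];
    } else {
        // Collect every A and AAAA answer; one internal answer is enough to refuse.
        $ips = gethostbynamel($host) ?: [];
        foreach (@dns_get_record($host, DNS_AAAA) ?: [] as $rec) {
            $ips[] = $rec['ipv6'];
        }
    }
    if ($ips === []) {
        return [false, 'host does not resolve'];
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return [false, "resolves to internal address $ip"];
        }
    }
    return [true, 'ok'];
}
// Constructed sample inputs; nothing is fetched, the URLs are only classified.
$samples = [
    'http://127.0.0.1:8080/logo.png',
    'http://localhost/images/logo.png',
    'http://[::1]/favicon.png',
    'file:///etc/hostname',
    'https://93.184.216.34/photo.jpg',
];
foreach ($samples as $url) {
    [$ok, $why] = check_image_url($url);
    printf("%-36s %s (%s)\n", $url, $ok ? 'ALLOW' : 'BLOCK', $why);
}
```

Validating and then fetching still leaves a DNS rebinding window unless the request is pinned to the address that was validated. Inside WordPress, core provides `wp_http_validate_url()` and `wp_safe_remote_get()` for this purpose.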