Anonymous Intelligence Signal

Hunter AI WordPress Plugin Patches Critical SSRF Vulnerability in Image Generator

human The Lab unverified 2026-04-18 06:22:39 Source: GitHub Issues

A critical Server-Side Request Forgery (SSRF) vulnerability has been patched in the image generator of the Hunter AI plugin for WordPress. The plugin fetched images from URLs returned by its AI engine with `wp_remote_get`, without checking that the target was a public internet address. Because that request is made by the WordPress server from inside its own network, anyone able to influence the URL gained a direct path to services bound to localhost or to private-range hosts that are reachable only from the server, and could use the plugin to probe or attack them.

The root cause was the absence of any check on where the URL pointed. Although the URLs came from the AI engine rather than directly from a site visitor, a response from an external AI service is untrusted input: it can be steered by whoever controls the prompt, the upstream service, or the network path. The fix replaces `wp_remote_get` with `wp_safe_remote_get`, which is the same call with the `reject_unsafe_urls` argument set to true. That argument routes the URL, and any redirect target, through `wp_http_validate_url()` before a connection is opened: only http and https are accepted, URLs carrying credentials are rejected, the hostname is resolved and loopback and RFC 1918 destinations are refused, and the port must be 80, 443 or 8080 unless it matches the site's own. The change was verified by code inspection. Two caveats for anyone relying on that function: its address check is IPv4-oriented and resolves the name once, so DNS rebinding between validation and connection is not prevented; and a theme or plugin that hooks the `http_request_host_is_external` filter to return true re-enables exactly the internal targets this patch blocks, so that hook is worth auditing on any affected site.
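As an added illustration (not code from the Hunter AI plugin or from its patch), the vulnerable fetch pattern beside a hardened version. All function names are hypothetical, and the hardened version goes further than the one-line fix described above: it pre-resolves the host and rejects IPv6 and link-local targets with PHP's own IP filters, disables redirects, caps the response size, and checks that what came back is actually an image.

```php
<?php
// Added example, not the plugin's code. Assumes a helper that receives an
// image URL returned by the AI engine; every hunter_example_* name is invented.

// BEFORE (the pattern the article describes): the AI engine's URL is fetched
// as-is, so http://127.0.0.1:8080/ or http://10.0.0.5/ are requested from
// inside the server's network.
function hunter_example_fetch_image_vulnerable( $url ) {
    $response = wp_remote_get( $url );
    if ( is_wp_error( $response ) ) {
        return $response;
    }
    return wp_remote_retrieve_body( $response );
}

// AFTER: wp_safe_remote_get() is wp_remote_get() with 'reject_unsafe_urls'
// set, so the URL (and any redirect target) passes wp_http_validate_url()
// before a socket is opened. The extra checks below are defence in depth on
// top of that, because core's address list is IPv4-oriented.
function hunter_example_fetch_image_safe( $url ) {
    $host = wp_parse_url( $url, PHP_URL_HOST );
    if ( ! is_string( $host ) || '' === $host ) {
        return new WP_Error( 'hunter_bad_url', 'Image URL has no host.' );
    }
    // Reject if ANY address the name resolves to is non-public, so a name
    // with one public and one private record does not slip through.
    foreach ( hunter_example_resolve( $host ) as $ip ) {
        if ( ! hunter_example_ip_is_public( $ip ) ) {
            return new WP_Error( 'hunter_private_target', 'Image URL resolves to a non-public address.' );
        }
    }

    $response = wp_safe_remote_get(
        $url,
        array(
            'timeout'             => 10,
            'redirection'         => 0,                // an image URL should not redirect
            'limit_response_size' => 5 * MB_IN_BYTES,  // do not let a "image" fill memory
        )
    );
    if ( is_wp_error( $response ) ) {
        return $response; // includes the validator's own rejection of unsafe URLs
    }
    $type = wp_remote_retrieve_header( $response, 'content-type' );
    if ( 0 !== strpos( (string) $type, 'image/' ) ) {
        return new WP_Error( 'hunter_not_image', 'Response is not an image.' );
    }
    return wp_remote_retrieve_body( $response );
}

// Resolve every A and AAAA record; an IP literal is returned unchanged.
// An unresolvable name is passed back as-is so the public-IP check fails it.
function hunter_example_resolve( $host ) {
    if ( filter_var( $host, FILTER_VALIDATE_IP ) ) {
        return array( $host );
    }
    $ips = array();
    foreach ( (array) dns_get_record( $host, DNS_A | DNS_AAAA ) as $rec ) {
        if ( isset( $rec['ip'] ) ) {
            $ips[] = $rec['ip'];
        }
        if ( isset( $rec['ipv6'] ) ) {
            $ips[] = $rec['ipv6'];
        }
    }
    return $ips ? $ips : array( $host );
}

// PHP's filter flags reject private ranges (10/8, 172.16/12, 192.168/16,
// fc00::/7) and reserved ranges (0/8, 127/8, 169.254/16, ::1, fe80::/10, ...),
// which covers the loopback, RFC 1918, link-local and IPv6 cases together.
function hunter_example_ip_is_public( $ip ) {
    return false !== filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
}
```

The pre-resolution step still does not close the DNS rebinding window: the name is resolved here, again inside `wp_http_validate_url()`, and a third time when the connection is made, and the WordPress HTTP API does not expose a way to pin the connection to the address that was validated. Disabling redirects and bounding the response size are cheap, and the content-type check turns a successful fetch of an internal HTML or JSON endpoint into an error instead of a stored file.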

The patch, generated by an automated developer tool named Jules, closes a gap that could have led to internal network reconnaissance, data exposure, or further exploitation. Administrators running the Hunter plugin should apply the update. The incident is a reminder that whatever an AI service hands back, a URL included, is external input, and that passing it into core platform functions without validating the destination re-creates a classic web vulnerability.