Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2025-03-09 CVE-2025-2116 A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic.
network
low complexity
CWE-918
4.3
4.3
2025-03-08 CVE-2024-13924 The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter.
network
low complexity
CWE-918
5.3
5.3
2025-03-07 CVE-2024-13857 The WPGet API – Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10.
network
low complexity
CWE-918
5.5
5.5
2025-03-07 CVE-2024-13904 The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function.
network
low complexity
CWE-918
5.3
5.3
2025-03-03 CVE-2025-25301 Server-Side Request Forgery (SSRF) vulnerability in Danielgatis Rembg
Rembg is a tool to remove images background.
network
low complexity
danielgatis CWE-918
7.5
7.5
2025-03-01 CVE-2024-13697 The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.4 via the 'nice_links'.
network
high complexity
CWE-918
4.8
4.8
2025-02-28 CVE-2025-1662 Server-Side Request Forgery (SSRF) vulnerability in Apprhyme URL Media Uploader
The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action.
network
low complexity
apprhyme CWE-918
6.4
6.4
2025-02-27 CVE-2024-13907 The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function.
network
low complexity
CWE-918
4.9
4.9
2025-02-27 CVE-2024-13905 The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file.
network
low complexity
CWE-918
5.3
5.3
2025-02-25 CVE-2024-13695 Server-Side Request Forgery (SSRF) vulnerability in Kriesi Enfold
The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter.
network
low complexity
kriesi CWE-918
5.4
5.4