Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-01 | CVE-2024-13697 | The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.4 via the 'nice_links'. | 4.8 |
2025-02-28 | CVE-2025-1662 | Server-Side Request Forgery (SSRF) vulnerability in Apprhyme URL Media Uploader. The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. | 6.4 |
2025-02-27 | CVE-2024-13907 | Server-Side Request Forgery (SSRF) vulnerability in Boldgrid Total Upkeep. The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. | 6.5 |
2025-02-27 | CVE-2024-13905 | Server-Side Request Forgery (SSRF) vulnerability in Sainwp Onestore Sites. The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. | 9.1 |
2025-02-25 | CVE-2024-13695 | Server-Side Request Forgery (SSRF) vulnerability in Kriesi Enfold. The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. | 5.4 |
2025-02-20 | CVE-2025-1043 | The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. | 6.4 |
2025-02-19 | CVE-2025-27090 | Server-Side Request Forgery (SSRF) vulnerability in Bishopfox Sliver. Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing. | 5.3 |
2025-02-19 | CVE-2025-1447 | A vulnerability was found in kasuganosoras Pigeon 1.0.177. | 4.3 |
2025-02-18 | CVE-2024-13741 | Server-Side Request Forgery (SSRF) vulnerability in Metagauss Profilegrid. The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. | 5.4 |
2025-02-17 | CVE-2024-13879 | The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. | 5.5 |