CVE-2025-60175
Description
Administrator SSRF vulnerability in PopAd plugin versions <= 1.0.4 allows forced arbitrary server requests, exposing internal services.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in the PopAd plugin for WordPress, versions 1.0.4 and earlier. It is triggered through administrator-level requests and lets the requester direct server-side requests to arbitrary domains. [1]
Exploitation
An attacker must have administrator access to the WordPress site. By crafting a malicious input, they can force the server to make HTTP requests to any domain of the attacker's choice, bypassing intended restrictions. [1]
Impact
Successful exploitation can lead to information disclosure by accessing internal services or sensitive data from other systems running on the same server. The attacker can potentially scan internal networks and retrieve non-public information. [1]
Mitigation
Update the PopAd plugin to version 1.0.5 or later if available. As an immediate workaround, restrict admin access or disable the plugin until a patch is applied. [1]
AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.