CWE-918

Server-Side Request Forgery (SSRF)

BaseIncomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

CWE-441

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (922)

page 38 of 47

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-32487	Med	0.32	4.9	0.00	Apr 9, 2025	Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark waymark allows Server Side Request Forgery.This issue affects Waymark: from n/a through <= 1.5.2.
CVE-2025-31076	Med	0.32	4.9	0.00	Mar 28, 2025	Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Server Side Request Forgery.This issue affects WP Compress for MainWP: from n/a through <= 6.30.03.
CVE-2025-22672	Med	0.32	4.9	0.00	Mar 27, 2025	Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Server Side Request Forgery.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.2.
CVE-2024-48234	Med	0.32	4.9	0.00	Oct 25, 2024	An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files.
CVE-2024-49312	Med	0.32	4.9	0.01	Oct 17, 2024	Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.This issue affects Edwiser Bridge: from n/a through <= 3.0.7.
CVE-2024-38758	Med	0.32	4.9	0.00	Jul 20, 2024	Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4.
CVE-2024-37208	Med	0.32	4.9	0.00	Jul 6, 2024	Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7.
CVE-2024-32775	Med	0.32	4.9	0.00	Apr 24, 2024	Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9.
CVE-2024-32718	Med	0.32	4.9	0.00	Apr 24, 2024	Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2.
CVE-2024-32955	Med	0.32	4.9	0.00	Apr 24, 2024	Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212.
CVE-2024-32819	Med	0.32	4.9	0.00	Apr 24, 2024	Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14.
CVE-2024-30532	Med	0.32	4.9	0.00	Apr 2, 2024	Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.This issue affects Builderall Builder for WordPress: from n/a through 2.0.1.
CVE-2024-30531	Med	0.32	4.9	0.00	Apr 2, 2024	Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through 3.2.0.
CVE-2024-25915	Med	0.32	4.9	0.00	Feb 23, 2024	Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2.
CVE-2024-22134	Med	0.32	4.9	0.00	Jan 24, 2024	Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.
CVE-2023-51676	Med	0.32	4.9	0.00	Dec 29, 2023	Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.
CVE-2023-49746	Med	0.32	4.9	0.00	Dec 7, 2023	Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2.
CVE-2023-46641	Med	0.32	4.9	0.00	Dec 7, 2023	Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24.
CVE-2026-44661	Med	0.31	4.7	0.00	May 14, 2026	python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual() validates the discovery URL against an HTTPS / loopback allowlist, but call_tool() and call_tool_streaming() reuse the resolved tool_call_template.url directly without revalidating, and the OpenAPI converter blindly trusts whatever servers[0].url an attacker-hosted spec declares. An attacker who hosts a malicious OpenAPI spec on a legitimate HTTPS endpoint can declare e.g. servers: [{ url: "http://127.0.0.1:9090" }] or servers: [{ url: "http://169.254.169.254" }]; the OpenAPI converter then produces tools whose URL points at internal services on the agent host. All three HTTP-class protocols (utcp_http.http, utcp_http.streamable_http, utcp_http.sse) shared the same gap. This vulnerability is fixed in 1.1.3.
CVE-2026-44363	Med	0.31	—	0.00	May 13, 2026	MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrary HTTP(S) URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally, the qrcode module disabled TLS certificate verification when retrieving remote images, exposing requests to potential man-in-the-middle interception or response tampering. The issue was fixed by validating URL schemes, blocking local and private address ranges, resolving hostnames before fetching, enforcing request timeouts, and re-enabling TLS certificate verification. This vulnerability is fixed in 3.0.7.

CVE-2025-32487MedApr 9, 2025
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark waymark allows Server Side Request Forgery.This issue affects Waymark: from n/a through <= 1.5.2.
CVE-2025-31076MedMar 28, 2025
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Server Side Request Forgery.This issue affects WP Compress for MainWP: from n/a through <= 6.30.03.
CVE-2025-22672MedMar 27, 2025
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Server Side Request Forgery.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.2.
CVE-2024-48234MedOct 25, 2024
risk 0.32cvss 4.9epss 0.00
An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files.
CVE-2024-49312MedOct 17, 2024
risk 0.32cvss 4.9epss 0.01
Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.This issue affects Edwiser Bridge: from n/a through <= 3.0.7.
CVE-2024-38758MedJul 20, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4.
CVE-2024-37208MedJul 6, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7.
CVE-2024-32775MedApr 24, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9.
CVE-2024-32718MedApr 24, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2.
CVE-2024-32955MedApr 24, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212.
CVE-2024-32819MedApr 24, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14.
CVE-2024-30532MedApr 2, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.This issue affects Builderall Builder for WordPress: from n/a through 2.0.1.
CVE-2024-30531MedApr 2, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through 3.2.0.
CVE-2024-25915MedFeb 23, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2.
CVE-2024-22134MedJan 24, 2024
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.
CVE-2023-51676MedDec 29, 2023
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.
CVE-2023-49746MedDec 7, 2023
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2.
CVE-2023-46641MedDec 7, 2023
risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24.
CVE-2026-44661MedMay 14, 2026
risk 0.31cvss 4.7epss 0.00
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual() validates the discovery URL against an HTTPS / loopback allowlist, but call_tool() and call_tool_streaming() reuse the resolved tool_call_template.url directly without revalidating, and the OpenAPI converter blindly trusts whatever servers[0].url an attacker-hosted spec declares. An attacker who hosts a malicious OpenAPI spec on a legitimate HTTPS endpoint can declare e.g. servers: [{ url: "http://127.0.0.1:9090" }] or servers: [{ url: "http://169.254.169.254" }]; the OpenAPI converter then produces tools whose URL points at internal services on the agent host. All three HTTP-class protocols (utcp_http.http, utcp_http.streamable_http, utcp_http.sse) shared the same gap. This vulnerability is fixed in 1.1.3.
CVE-2026-44363MedMay 13, 2026
risk 0.31cvss —epss 0.00
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrary HTTP(S) URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally, the qrcode module disabled TLS certificate verification when retrieving remote images, exposing requests to potential man-in-the-middle interception or response tampering. The issue was fixed by validating URL schemes, blocking local and private address ranges, resolving hostnames before fetching, enforcing request timeouts, and re-enabling TLS certificate verification. This vulnerability is fixed in 3.0.7.