CWE-918

Server-Side Request Forgery (SSRF)

BaseIncomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

CWE-441

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (922)

page 41 of 47

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-53457	Med	0.29	4.4	Sep 22, 2025	Server-Side Request Forgery (SSRF) vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Server Side Request Forgery.This issue affects SEO Backlink Monitor: from n/a through <= 1.8.0.
CVE-2025-58615	Med	0.29	4.4	Sep 3, 2025	Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Server Side Request Forgery.This issue affects WP Bannerize Pro: from n/a through <= 1.10.0.
CVE-2025-58203	Med	0.29	4.4	Aug 27, 2025	Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra solace-extra allows Server Side Request Forgery.This issue affects Solace Extra: from n/a through <= 1.3.2.
CVE-2025-57814	Med	0.29	—	Aug 25, 2025	request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to potentially access internal HTTPS services running on localhost, bypassing the library's SSRF protection. The vulnerability is particularly dangerous when the application accepts user-controlled URLs and internal services are only protected by network-level restrictions. This vulnerability has been fixed in request-filtering-agent version 2.0.0. Users should upgrade to version 2.0.0 or later.
CVE-2025-48294	Med	0.29	4.4	Jul 16, 2025	Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress fg-drupal-to-wp allows Server Side Request Forgery.This issue affects FG Drupal to WordPress: from n/a through <= 3.90.0.
CVE-2025-47664	Med	0.29	4.4	May 7, 2025	Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2.
CVE-2025-26990	Med	0.29	4.4	Apr 15, 2025	Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1006.
CVE-2025-30914	Med	0.29	4.4	Mar 27, 2025	Server-Side Request Forgery (SSRF) vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through <= 3.9.2.
CVE-2025-24703	Med	0.29	4.4	Jan 24, 2025	Server-Side Request Forgery (SSRF) vulnerability in Ronald Huereca Comment Edit Core – Simple Comment Editing simple-comment-editing allows Server Side Request Forgery.This issue affects Comment Edit Core – Simple Comment Editing: from n/a through <= 3.0.33.
CVE-2025-24701	Med	0.29	4.4	Jan 24, 2025	Server-Side Request Forgery (SSRF) vulnerability in Bob Chained Quiz chained-quiz allows Server Side Request Forgery.This issue affects Chained Quiz: from n/a through <= 1.3.2.9.
CVE-2025-24695	Med	0.29	4.4	Jan 24, 2025	Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0.
CVE-2024-53738	Med	0.29	4.4	Nov 30, 2024	Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Server Side Request Forgery.This issue affects Asset CleanUp: Page Speed Booster: from n/a through <= 1.3.9.8.
CVE-2024-51785	Med	0.29	4.4	Nov 9, 2024	Server-Side Request Forgery (SSRF) vulnerability in Nks Responsive Filterable Portfolio responsive-filterable-portfolio allows Server Side Request Forgery.This issue affects Responsive Filterable Portfolio: from n/a through <= 1.0.22.
CVE-2024-35633	Med	0.29	4.4	Jun 3, 2024	Server-Side Request Forgery (SSRF) vulnerability in Creative Themes Blocksy Companion blocksy-companion.This issue affects Blocksy Companion: from n/a through <= 2.0.42.
CVE-2024-35637	Med	0.29	4.4	Jun 3, 2024	Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.3.6.
CVE-2024-35172	Med	0.29	4.4	May 14, 2024	Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.
CVE-2024-33629	Med	0.29	4.4	Apr 29, 2024	Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0.
CVE-2024-33627	Med	0.29	4.4	Apr 29, 2024	Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2.
CVE-2024-32430	Med	0.29	4.4	Apr 15, 2024	Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14.
CVE-2024-32454	Med	0.29	4.4	Apr 15, 2024	Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more – Wappointment: from n/a through 2.6.0.

CVE-2025-53457MedSep 22, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Server Side Request Forgery.This issue affects SEO Backlink Monitor: from n/a through <= 1.8.0.
CVE-2025-58615MedSep 3, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Server Side Request Forgery.This issue affects WP Bannerize Pro: from n/a through <= 1.10.0.
CVE-2025-58203MedAug 27, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra solace-extra allows Server Side Request Forgery.This issue affects Solace Extra: from n/a through <= 1.3.2.
CVE-2025-57814MedAug 25, 2025
risk 0.29cvss —epss 0.00
request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to potentially access internal HTTPS services running on localhost, bypassing the library's SSRF protection. The vulnerability is particularly dangerous when the application accepts user-controlled URLs and internal services are only protected by network-level restrictions. This vulnerability has been fixed in request-filtering-agent version 2.0.0. Users should upgrade to version 2.0.0 or later.
CVE-2025-48294MedJul 16, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress fg-drupal-to-wp allows Server Side Request Forgery.This issue affects FG Drupal to WordPress: from n/a through <= 3.90.0.
CVE-2025-47664MedMay 7, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2.
CVE-2025-26990MedApr 15, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1006.
CVE-2025-30914MedMar 27, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through <= 3.9.2.
CVE-2025-24703MedJan 24, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Ronald Huereca Comment Edit Core – Simple Comment Editing simple-comment-editing allows Server Side Request Forgery.This issue affects Comment Edit Core – Simple Comment Editing: from n/a through <= 3.0.33.
CVE-2025-24701MedJan 24, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Bob Chained Quiz chained-quiz allows Server Side Request Forgery.This issue affects Chained Quiz: from n/a through <= 1.3.2.9.
CVE-2025-24695MedJan 24, 2025
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0.
CVE-2024-53738MedNov 30, 2024
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Server Side Request Forgery.This issue affects Asset CleanUp: Page Speed Booster: from n/a through <= 1.3.9.8.
CVE-2024-51785MedNov 9, 2024
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Nks Responsive Filterable Portfolio responsive-filterable-portfolio allows Server Side Request Forgery.This issue affects Responsive Filterable Portfolio: from n/a through <= 1.0.22.
CVE-2024-35633MedJun 3, 2024
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Creative Themes Blocksy Companion blocksy-companion.This issue affects Blocksy Companion: from n/a through <= 2.0.42.
CVE-2024-35637MedJun 3, 2024
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.3.6.
CVE-2024-35172MedMay 14, 2024
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.
CVE-2024-33629MedApr 29, 2024
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0.
CVE-2024-33627MedApr 29, 2024
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2.
CVE-2024-32430MedApr 15, 2024
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14.
CVE-2024-32454MedApr 15, 2024
risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more – Wappointment: from n/a through 2.6.0.