CWE-918
Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-664
CVEs mapped to this weakness (1,583)
page 45 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40346 | Med | 0.35 | 6.5 | 0.00 | Apr 18, 2026 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any… | ||
| CVE-2026-40107 | Med | 0.35 | 6.5 | 0.00 | Apr 9, 2026 | SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is… | ||
| CVE-2026-39695 | Med | 0.35 | 5.4 | 0.00 | Apr 8, 2026 | Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through <= 1.4.0. | ||
| CVE-2026-39647 | Med | 0.35 | 5.4 | 0.00 | Apr 8, 2026 | Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11. | ||
| CVE-2026-39645 | Med | 0.35 | 5.4 | 0.00 | Apr 8, 2026 | Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooCommerce: from n/a through <= 1.18.0. | ||
| CVE-2025-15611 | Med | 0.35 | 5.4 | 0.00 | Apr 7, 2026 | The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page,… | ||
| CVE-2026-0688 | Med | 0.35 | 6.4 | 0.00 | Apr 2, 2026 | The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via the 'Tools::read' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to… | ||
| CVE-2026-34740 | Med | 0.35 | 6.5 | 0.00 | Mar 31, 2026 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated… | ||
| CVE-2026-33992 | Med | 0.35 | 6.5 | 0.00 | Mar 27, 2026 | pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access… | ||
| CVE-2026-33766 | Med | 0.35 | 6.5 | 0.00 | Mar 27, 2026 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, `isSSRFSafeURL()` validates URLs against private/reserved IP ranges before fetching, but `url_get_contents()` follows HTTP redirects without re-validating the redirect target. An attacker can… | ||
| CVE-2026-33693 | Med | 0.35 | 6.5 | 0.00 | Mar 27, 2026 | Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the `v4_is_invalid()` function in `activitypub-federation-rust` (`src/utils.rs`) does not check for `Ipv4Addr::UNSPECIFIED` (0.0.0.0). An unauthenticated attacker controlling a remote domain… | ||
| CVE-2026-32412 | Med | 0.35 | 5.4 | 0.00 | Mar 13, 2026 | Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7. | ||
| CVE-2026-0632 | Med | 0.35 | 5.4 | 0.00 | Feb 9, 2026 | The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make… | ||
| CVE-2026-24961 | Med | 0.35 | 5.4 | 0.00 | Feb 3, 2026 | Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through < 3.1.5. | ||
| CVE-2026-0746 | — | Med | 0.35 | 6.4 | 0.00 | Jan 27, 2026 | The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary… | |
| CVE-2026-24548 | Med | 0.35 | 5.4 | 0.00 | Jan 23, 2026 | Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.91. | ||
| CVE-2026-24381 | Med | 0.35 | 5.4 | 0.00 | Jan 22, 2026 | Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2. | ||
| CVE-2026-22358 | Med | 0.35 | 5.4 | 0.00 | Jan 22, 2026 | Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6. | ||
| CVE-2025-62741 | Med | 0.35 | 5.4 | 0.00 | Jan 22, 2026 | Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3. | ||
| CVE-2025-14438 | Med | 0.35 | 6.4 | 0.00 | Jan 6, 2026 | The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it possible for authenticated attackers, with Subscriber-level access and above,… |
- risk 0.35cvss 6.5epss 0.00
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any…
- risk 0.35cvss 6.5epss 0.00
SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is…
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through <= 1.4.0.
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11.
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooCommerce: from n/a through <= 1.18.0.
- risk 0.35cvss 5.4epss 0.00
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page,…
- risk 0.35cvss 6.4epss 0.00
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via the 'Tools::read' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to…
- risk 0.35cvss 6.5epss 0.00
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated…
- risk 0.35cvss 6.5epss 0.00
pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access…
- risk 0.35cvss 6.5epss 0.00
WWBN AVideo is an open source video platform. In versions up to and including 26.0, `isSSRFSafeURL()` validates URLs against private/reserved IP ranges before fetching, but `url_get_contents()` follows HTTP redirects without re-validating the redirect target. An attacker can…
- risk 0.35cvss 6.5epss 0.00
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the `v4_is_invalid()` function in `activitypub-federation-rust` (`src/utils.rs`) does not check for `Ipv4Addr::UNSPECIFIED` (0.0.0.0). An unauthenticated attacker controlling a remote domain…
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.
- risk 0.35cvss 5.4epss 0.00
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make…
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through < 3.1.5.
- risk 0.35cvss 6.4epss 0.00
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary…
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.91.
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3.
- risk 0.35cvss 6.4epss 0.00
The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it possible for authenticated attackers, with Subscriber-level access and above,…