CVE-2025-1662

MEDIUM Year: 2025
CVSS v3 Score
6.4
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Related Vulnerabilities

CVE-2018-1000182

MEDIUM
CVSS:6.4(Medium)

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb....

CWE-9182018

CVE-2021-23927

MEDIUM
CVSS:6.4(Medium)

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.

CWE-9182021

CVE-2021-31779

MEDIUM
CVSS:6.4(Medium)

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.

CWE-9182021

CVE-2021-40109

MEDIUM
CVSS:6.4(Medium)

A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that re...

CWE-9182021

CVE-2023-4651

MEDIUM
CVSS:6.4(Medium)

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.

CWE-9182023

CVE-2023-6805

MEDIUM
CVSS:6.4(Medium)

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and incl...

CWE-9182023