CVE-2025-67961

Server-Side Request Forgery SSRF vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through = 40.0...

CVE-2025-67961

CVE-2025-67961 : SSRF in the WordPress WPO365 plugin’s wpo365-login component (affecting WPO365 v1.x through = 40.0) or apply vendor-provided patch; refer to Patchstack/RedHat/CVE records for the exact patched version. If patch not yet applied in environments, monitor for updates and apply once a...

CVE-2025-64252 WordPress ANAC XML Viewer plugin <= 1.8.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery.This issue affects ANAC XML Viewer: from n/a through = 1.8.2...

CVE-2025-62741

CVE-2025-62741 represents a Server-Side Request Forgery (SSRF) vulnerability in the WordPress Pool Services theme (pool-services) affecting versions up to 3.3. The issue is documented as SSRF by multiple sources (NVD/Red Hat/EUVD/CI) with reported patch status as Unpatched and an advised remediat...

CVE-2025-31413 WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

WordPress plugin IMGspider has code vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin ANAC XML Viewer code-related vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

PT-2026-4210

Server-Side Request Forgery SSRF vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through = 5.6...

PT-2026-4041

Name of the Vulnerable Software and Affected Versions Marco van Wieren WPO365 versions n/a through 40.0 Description A Server-Side Request Forgery SSRF vulnerability exists in the wpo365-login component of Marco van Wieren WPO365. This flaw allows for Server Side Request Forgery. Recommendations...

PT-2026-4255

Server-Side Request Forgery SSRF vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through = 3.14.1...

PT-2026-4003

Name of the Vulnerable Software and Affected Versions Marco Milesi ANAC XML Viewer versions through 1.8.2 Description The ANAC XML Viewer software contains a Server-Side Request Forgery SSRF flaw. This issue allows for Server Side Request Forgery. Recommendations Update to a version later than...

WordPress plugin PhotoMe has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Seriously Simple Podcasting has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

WordPress plugin "Electrician - Electrical Service" – code-related vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

📄 Oracle E-Business Suite CVE-2025-61882 Remote Code Execution

This Metasploit module exploits CVE-2025-61882 in Oracle E-Business Suite by combining server-side request forgery, path traversal, HTTP request smuggling, and XSLT injection. The exploit hosts a malicious XSL file that the target will fetch and process, leading to remote code execution. This...

PT-2026-3989

Name of the Vulnerable Software and Affected Versions Apryse HTML2PDF SDK versions through 11.6.0 Description A Local File Inclusion LFI and a Server-Side Request Forgery SSRF issue exists in the InsertFromHtmlString function. These issues could allow an attacker to read local files on the server...

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVE-2021-47830 GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVE-2025-36411

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

Server-Side Request Forgery (SSRF)

SvelteKit is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of host and origin resolution during prerendered route processing, where crafted requests can trigger internal requests or cause excessive resource usage, leading to SSRF or service disrupti...