
7291 matches found

Vulnrichment
added 2025/12/30 10:47 a.m., 3 views

CVE-2025-69014 WordPress Youzify plugin <= 1.3.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery. This issue affects Youzify: from n/a through <= 1.3.7...

CVSS 4.9, AI score 5.9, EPSS 0.00141
Exploits 0, References 1
RedhatCVE
added 2025/12/30 1:2 a.m., 11 views

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file...

CVSS 9.1, AI score 7.2, EPSS 0.0025
Exploits 0, References 1
CNVD
added 2025/12/30 12:0 a.m., 2 views

WordPress Prime Slider - Addons For Elementor plugin server-side request forgery vulnerability

WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...

CVSS 9.1, AI score 6.9, EPSS 0.00154
Exploits 0, References 1
CNNVD
added 2025/12/30 12:0 a.m., 3 views

FeehiCMS code issue vulnerability

FeehiCMS is a PHP-based CMS website builder by Liufee personal developer. A code issue vulnerability exists in FeehiCMS 2.1.1 and prior versions, which stems from the incorrect manipulation of the parameter src in the file frontend/web/timthumb.php, which could lead to server-side request forgery...

CVSS 7.5, AI score 7.3, EPSS 0.00346
Exploits 0, References 3
CNNVD
added 2025/12/30 12:0 a.m., 3 views

WordPress plugin Youzify security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.9, AI score 5.8, EPSS 0.00141
Exploits 0, References 1
Positive Technologies
added 2025/12/30 12:0 a.m., 6 views

PT-2025-54214

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...

CVSS 7.5, AI score 6.6, EPSS 0.00346
Exploits 0, References 7
CNVD
added 2025/12/30 12:0 a.m., 3 views

WordPress 6Storage Rentals plugin server-side request forgery vulnerability

WordPress 6Storage Rentals plugin is a plugin designed for WordPress websites, designed to help webmasters easily manage the rental booking process for storage facilities. WordPress 6Storage Rentals plugin suffers from a server-side request forgery vulnerability, which stems from the server not...

CVSS 9.1, AI score 7.2, EPSS 0.00163
Exploits 0, References 1
OSV
added 2025/12/29 9:31 p.m., 2 views

GHSA-VVXF-WJ5W-6GJ5 hemmelig allows SSRF Filter bypass via Secret Request functionality

Summary: A Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding (e.g., localtest.me, which resolves to 127.0.0.1) or ope...

CVSS 4.3, AI score 6.6, EPSS 0.0019
Exploits 1, References 4
Github Security Blog
added 2025/12/29 9:31 p.m., 7 views

hemmelig allows SSRF Filter bypass via Secret Request functionality

Summary: A Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding (e.g., localtest.me, which resolves to 127.0.0.1) or ope...

CVSS 4.3, AI score 6.6, EPSS 0.0019
Exploits 1, References 4, Affected Software 1
NVD
added 2025/12/29 8:15 p.m., 2 views

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file...

CVSS 9.1, EPSS 0.0025
Exploits 0, References 1
EUVD
added 2025/12/29 6:30 p.m., 7 views

EUVD-2025-205595

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery. This issue affects WordPress Image shrinker: from n/a through 1.1.0...

CVSS 4.9, AI score 6.5, EPSS 0.00119
Exploits 0, References 2
CVE
added 2025/12/29 3:56 p.m., 12 views

CVE-2025-68893

The CVE-2025-68893 entry concerns the HETWORKS WordPress Image Shrinker plugin (WordPress Image shrinker) with versions up to and including 1.1.0. Multiple connected sources confirm a Server-Side Request Forgery (SSRF) vulnerability in this plugin, enabling requests crafted by an attacker. Root c...

CVSS 4.9, AI score 5.9, EPSS 0.00119
Exploits 0, References 1
Vulnrichment
added 2025/12/29 3:56 p.m., 3 views

CVE-2025-68893 WordPress WordPress Image shrinker plugin <= 1.1.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker wp-image-shrinker allows Server Side Request Forgery. This issue affects WordPress Image shrinker: from n/a through <= 1.1.0...

CVSS 4.9, AI score 5.9, EPSS 0.00119
Exploits 0, References 1
CVE
added 2025/12/29 3:55 p.m., 9 views

CVE-2025-69206

CVE-2025-69206 (Hemmelig) describes an SSRF filter bypass in the Secret Requests webhook URL validation prior to version 7.3.3. The isPublicUrl check blocks private IPs by hostname patterns, but can be bypassed via DNS rebinding (e.g., localtest.me) or open redirects, allowing an authenticated us...

CVSS 4.3, AI score 6.3, EPSS 0.0019
Exploits 1, References 2, Affected Software 1
OSV
added 2025/12/29 3:55 p.m., 5 views

CVE-2025-69206 Hemmelig has SSRF Filter bypass in Secret Request functionality

Hemmelig is a messaging app with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...

CVSS 4.3, AI score 6.5, EPSS 0.0019
Exploits 1, References 4
CNNVD
added 2025/12/29 12:0 a.m., 3 views

VvvebJs security vulnerability

VvvebJs is a drag-and-drop website generator from Givan Personal Developers. A security vulnerability exists in VvvebJs version 1.7.2, which stems from the file_get_contents function in the save.php file mishandling user-supplied URLs, which could lead to server-side request forgery and arbitrary...

CVSS 9.1, AI score 5.9, EPSS 0.0025
Exploits 0, References 1
CNNVD
added 2025/12/29 12:0 a.m., 2 views

Hemmelig security vulnerability

Hemmelig is a content encryption software from Hemmelig Open Source. A security vulnerability exists in Hemmelig versions prior to 7.3.3 that stems from an SSRF filter bypass in Webhook URL validation, which could lead to server-side request forgery attacks...

CVSS 4.3, AI score 5.8, EPSS 0.0019
Exploits 1, References 3
Vulnrichment
added 2025/12/29 12:0 a.m., 2 views

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file...

AI score 6.8, EPSS 0.0025
Exploits 0, References 1
CVE
added 2025/12/29 12:0 a.m., 11 views

CVE-2024-25181

CVE-2024-25181 affects givanz VvvebJs 1.7.2. The issue stems from improper handling of user-supplied URLs in the file_get_contents call in save.php, enabling Server-Side Request Forgery (SSRF) and arbitrary file reading. The CVSSv3.1 base score is 9.1 (CRITICAL) with NETWORK_VECTOR, LOW attack co...

CVSS 9.1, AI score 6.8, EPSS 0.0025
Exploits 0, References 1, Affected Software 1
Patchstack
added 2025/12/27 2:36 p.m., 7 views

WordPress Youzify plugin <= 1.3.6 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by NumeX in WordPress Plugin Youzify versions <= 1.3.6...

CVSS 4.9, AI score 6.8, EPSS 0.00141
Exploits 0, Affected Software 1