CVE-2025-12800 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the sushortcodecsvtable function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make...

CVE-2025-12800

The CVE-2025-12800 entry maps to the WordPress WP Shortcodes Plugin — Shortcodes Ultimate vulnerability. The authenticated SSRF flaw resides in the su_shortcode_csv_table function and affects versions up to 7.4.5, enabling an attacker with Administrator-level access or higher to induce web reques...

CVE-2025-12800 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the sushortcodecsvtable function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make...

WordPress plugin WP Shortcodes Plugin — Shortcodes Ultimate 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer Specifically for versions before 2024.1.8 and from 2025.0.0 to before 2025.0.4. The vulnerability involves a server-side request forgery SSRF. This vulnerability allows attackers to send unauthorized requests from the server, which can lead to...

Exploit for CVE-2024-58258

CVE‑2024‑58258 – SugarCRM SSRF & Local File Disclosure Abo...

CVE-2025-13147

Server-Side Request Forgery SSRF vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

Important: Red Hat Security Advisory: idm:DL1 security update

An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

WordPress AI Engine plugin server-side request forgery vulnerability

WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, MicrosoftAzure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...

CVE-2025-13147

Server-Side Request Forgery SSRF vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

CVE-2025-13147 External Service Interaction (DNS)

Server-Side Request Forgery SSRF vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

CVE-2025-13147

CVE-2025-13147 concerns Progress MOVEit Transfer. A(Server-Side) SSRF vulnerability exists in MOVEit Transfer core handling, affecting versions before 2024.1.8 and 2025.0.0 up to before 2025.0.4. The issue allows an attacker to cause the server to make unauthorized requests, potentially accessing...

CVE-2025-8084

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

CVE-2025-11427

The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdbflush AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVE-2025-12962

The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the url parameter in the syndicatelocal shortcode. This is due to the use of wpremoteget instead of wpsaferemoteget which lacks protections against requests to...

python-kdcproxy: Remote DoS via unbounded TCP upstream buffering

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

Important: Red Hat Security Advisory: python-kdcproxy security update

An update for python-kdcproxy is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

EUVD-2025-198106

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'getimagesizebyurl' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...