7277 matches found
EUVD-2025-198106
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...
CVE-2025-12359 Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items...
CVE-2025-12359
CVE-2025-12359 : The WordPress plugin Responsive Lightbox & Gallery (versions up to 2.5.3) is affected by an authenticated SSRF in get_image_size_by_url due to insufficient validation of user-supplied URLs when determining image dimensions for gallery items. Exploitation requires Author+ privileg...
Progress MOVEit Transfer code issue vulnerability
Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A code issue vulnerability exists in Progress MOVEit Transfer versions prior to 2024.1.8 and 2025.0.0 through 2025.0.4, which stems from vulnerability to server-side request forgery attacks...
WordPress plugin Responsive Lightbox & Gallery code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
PT-2025-47429
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to insufficient validation of user-supplied URLs when determining image dimensions for gallery item...
PT-2025-47528
Name of the Vulnerable Software and Affected Versions: Progress MOVEit Transfer versions prior to 2024.1.8; Progress MOVEit Transfer versions 2025.0.0 through 2025.0.3. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in Progress MOVEit Transfer. This type of issue allows an...
WordPress Responsive Lightbox & Gallery plugin <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery vulnerability
Authenticated (Author+) Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Responsive Lightbox versions <= 2.5.3...
Server-Side Request Forgery (SSRF)
Apache Kylin is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-controlled request targets, which allows an attacker to craft malicious requests that force the server to initiate unintended outbound connections...
CVE-2025-63408
Local Agent DVR versions through 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side request forgery (SSRF), or execute OS commands...
EUVD-2025-197990
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...
EUVD-2025-197994
The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-8084
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...
CVE-2025-12376
CVE-2025-12376 relates to the WordPress plugin Icon List Block – Add Icon-Based Lists with Custom Styles. The vulnerability is a Server-Side Request Forgery (SSRF) arising from the plugin’s fs_api_request path, allowing authenticated attackers with Subscriber-level access and higher to trigger w...
CVE-2025-12376 Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery
The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-8084
CVE-2025-8084 affects the WordPress AI Engine plugin. All versions up to and including 3.1.8 are vulnerable to Server-Side Request Forgery via the rest_helpers_create_images function. An authenticated attacker with Editor-level access or higher can cause the web application to issue requests to a...
CVE-2025-11427 WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery
The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdbflush AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...