CVE-2025-8678

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

CVE-2025-8678

The CVE-2025-8678 entry concerns the WordPress WP Crontrol plugin. Affected versions 1.17.0–1.19.1 expose a blind Server-Side Request Forgery via wp_remote_request() that can be exploited by authenticated administrators or higher to issue web requests from the WordPress host to arbitrary external...

CVE-2025-8678 WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

WordPress WP Crontrol plugin 1.17.0-1.19.1 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crontrol versions 1.17.0-1.19.1...

PT-2025-33892 · WordPress · Wp Crontrol

Name of the Vulnerable Software and Affected Versions: WP Crontrol versions 1.17.0 through 1.19.1 Description: The WP Crontrol plugin for WordPress is vulnerable to Server-Side Request Forgery via the wp remote request function. This allows authenticated attackers with Administrator-level access...

The vulnerability of the WP Crontrol plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the WP Crontrol plugin of the WordPress content management system is related to the loading of code without checking its integrity. Exploiting this vulnerability can allow a hacker to execute arbitrary code...