CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
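The weakness above is a missing destination check, and every WordPress record on this page describes the same shape: a user-supplied URL handed to download_url() or wp_remote_request() without first deciding where it is allowed to go. The following is an added example (not code from any plugin or product listed here) of the check a fetcher should run before issuing the request: parse the URL, refuse anything but http/https, refuse userinfo, resolve the host, and reject the request if any resolved address falls in a loopback, private, link-local, multicast or NAT64 range. The resolver is injectable so the module runs offline; CONSTRUCTED_DNS is a made-up lookup table for the demonstration, not real DNS data.

```python
"""Destination check for a server-side fetch (CWE-918).

Added example, not code from any plugin or product on this page. It shows
the check the WordPress records describe as missing before download_url()
or wp_remote_request(): resolve the user-supplied URL and reject it unless
every address it maps to is public. The resolver is injectable so the
module runs offline; CONSTRUCTED_DNS is a made-up table for the demo.
"""
import ipaddress
import socket
from typing import Callable, Iterable, List
from urllib.parse import urlsplit

# Ranges a server must never contact on a user's behalf.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",          # "this host"; 0.0.0.0 connects to localhost on Linux
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10",      # carrier-grade NAT
    "127.0.0.0/8",
    "169.254.0.0/16",     # link-local, includes cloud metadata 169.254.169.254
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
    "64:ff9b::/96",       # NAT64 well-known prefix, embeds an IPv4 address
)]

Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> List[str]:
    """Real resolver: every A/AAAA answer, since the HTTP client may use any."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed lookup table so the example runs without network access.
CONSTRUCTED_DNS = {
    "cdn.example": ["203.0.113.10"],
    "intranet.example": ["10.0.0.5"],
    "rebind.example": ["203.0.113.10", "127.0.0.1"],  # one public, one loopback
    "mapped.example": ["::ffff:192.168.1.1"],          # IPv4-mapped IPv6
}


def constructed_resolver(host: str) -> List[str]:
    return CONSTRUCTED_DNS.get(host.lower(), [])


def is_public_address(addr: str) -> bool:
    """True if addr is outside every blocked range, after unwrapping v4-mapped v6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not any(ip in net for net in BLOCKED_NETWORKS)


def validate_fetch_url(url: str, resolve: Resolver = system_resolver) -> str:
    """Return the single address to connect to, or raise ValueError.

    Rejects non-http(s) schemes, userinfo (user:pass@host), a missing host,
    and any host with at least one non-public answer. The caller should
    open the connection to the returned address and send the original Host
    header; re-resolving the name at connect time reopens the DNS-rebinding
    window this check is meant to close.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        # A literal IP is checked directly. Shorthand forms such as 127.1 or
        # 0x7f000001 fail here and reach the resolver, which normalises them.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        addrs = list(resolve(host))
    if not addrs:
        raise ValueError(f"unresolvable host: {host!r}")
    for addr in addrs:
        if not is_public_address(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return addrs[0]


def is_rejected(url: str, resolve: Resolver = constructed_resolver) -> bool:
    """Demo helper: True when validate_fetch_url raises for this URL."""
    try:
        validate_fetch_url(url, resolve)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for u in ("https://cdn.example/size-chart.json", "http://intranet.example/",
              "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd",
              "http://rebind.example/", "http://[::ffff:192.168.1.1]/"):
        print(f"{'reject' if is_rejected(u) else 'allow ':7} {u}")
```

Two design points matter more than the list of ranges. First, every resolved address is checked, not just the first, because a host that answers with one public and one loopback address is a rebinding attempt in progress. Second, the function returns the pinned address: a validator that only says yes/no and then lets the HTTP client resolve the name again has checked a different answer than the one it will connect to. Ports and redirects are left to the caller; a redirect-following client must run this same check on every hop.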

CVE-2025-12375 (GCVE-0-2025-12375)

Vulnerability from cvelistv5 – Published: 2026-02-19 03:25 – Updated: 2026-04-08 16:51
Title
Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery
Summary
The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the download_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Wordfence
Impacted products
Vendor Product Version
printful Printful Integration for WooCommerce Affected: 0 , ≤ 2.2.11 (semver)
Credits
Adrian Lukita

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12375",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-19T17:04:30.310467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-19T17:42:42.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Printful Integration for WooCommerce",
          "vendor": "printful",
          "versions": [
            {
              "lessThanOrEqual": "2.2.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Adrian Lukita"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the download_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:51:19.720Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cb410aa-3941-4e19-8de4-622a94766ee8?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-size-guide.php#L170"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-size-guide.php#L210"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-rest-api-controller.php#L67"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-rest-api-controller.php#L259"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3439592%40printful-shipping-for-woocommerce\u0026new=3439592%40printful-shipping-for-woocommerce\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-18T14:59:59.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Printful Integration for WooCommerce \u003c= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12375",
    "datePublished": "2026-02-19T03:25:14.353Z",
    "dateReserved": "2025-10-27T22:10:07.660Z",
    "dateUpdated": "2026-04-08T16:51:19.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}
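The raw record above is a cvelistv5 document, and the part an asset owner actually needs to evaluate is `containers.cna.affected[].versions[]`: each entry names an inclusive start in `version` and an end in either `lessThanOrEqual` (the Wordfence style, starting from "0") or `lessThan` (the GitLab style further down this page, with several disjoint ranges), with `defaultStatus` applying to anything no range covers. The following is an added example, not part of any CVE record here, that reads that structure and answers whether an installed version is in scope, and also pulls the CNA CVSS vector and the CISA ADP SSVC decision points into one triage summary. The two embedded records are constructed, trimmed copies of the Printful and GitLab entries on this page, reduced to the fields the code reads; version ordering is a simplified dotted-numeric comparison, not full semver with pre-release tags.

```python
"""Check a deployed version against cvelistv5 affected ranges.

Added example, not part of the CVE records on this page. The two embedded
records are constructed, trimmed copies of the Printful and GitLab entries,
kept only to the fields this code reads. Version comparison is a simplified
dotted-numeric ordering (no pre-release tags), which is enough for the
numeric ranges these records use.
"""
import json
import re
from typing import Dict, Tuple

PRINTFUL_RECORD = json.loads("""
{"containers": {"adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"options":
   [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}]}}}]}],
 "cna": {"affected": [{"defaultStatus": "unaffected", "vendor": "printful",
   "product": "Printful Integration for WooCommerce", "versions":
   [{"version": "0", "lessThanOrEqual": "2.2.11", "status": "affected", "versionType": "semver"}]}],
  "metrics": [{"cvssV3_1": {"baseScore": 6.4, "baseSeverity": "MEDIUM",
   "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}],
  "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "type": "CWE", "lang": "en",
   "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}]}},
 "cveMetadata": {"cveId": "CVE-2025-12375", "state": "PUBLISHED"}}
""")

GITLAB_RECORD = json.loads("""
{"containers": {"adp": [], "cna": {"affected": [{"defaultStatus": "unaffected",
   "vendor": "GitLab", "product": "GitLab", "versions": [
     {"version": "18.0", "lessThan": "18.6.6", "status": "affected", "versionType": "semver"},
     {"version": "18.7", "lessThan": "18.7.4", "status": "affected", "versionType": "semver"},
     {"version": "18.8", "lessThan": "18.8.4", "status": "affected", "versionType": "semver"}]}],
  "metrics": [{"cvssV3_1": {"baseScore": 5.4, "baseSeverity": "MEDIUM",
   "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}],
  "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "type": "CWE", "lang": "en",
   "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}]}},
 "cveMetadata": {"cveId": "CVE-2025-12575", "state": "PUBLISHED"}}
""")


def version_key(v: str) -> Tuple[int, ...]:
    """Dotted-numeric key: '18.6.6' -> (18, 6, 6). Non-numeric parts are dropped."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def cmp_versions(a: str, b: str) -> int:
    """-1, 0 or 1; shorter keys are zero-padded so '18.7' equals '18.7.0'."""
    ka, kb = version_key(a), version_key(b)
    n = max(len(ka), len(kb))
    ka += (0,) * (n - len(ka))
    kb += (0,) * (n - len(kb))
    return (ka > kb) - (ka < kb)


def in_range(installed: str, entry: Dict) -> bool:
    """One versions[] entry: inclusive start in 'version', end in lessThan or
    lessThanOrEqual; an entry with neither bound names a single version."""
    start = entry.get("version", "0")
    if cmp_versions(installed, start) < 0:
        return False
    if "lessThan" in entry:
        return cmp_versions(installed, entry["lessThan"]) < 0
    if "lessThanOrEqual" in entry:
        return cmp_versions(installed, entry["lessThanOrEqual"]) <= 0
    return cmp_versions(installed, start) == 0


def status_for(record: Dict, vendor: str, product: str, installed: str) -> str:
    """'affected' / 'unaffected' / 'unknown' for vendor+product at `installed`.
    Falls back to defaultStatus when no range matches; 'unknown' when the
    product is not listed in the record at all."""
    for aff in record["containers"]["cna"].get("affected", []):
        if aff.get("vendor", "").lower() != vendor.lower() or aff.get("product") != product:
            continue
        for entry in aff.get("versions", []):
            if in_range(installed, entry):
                return entry.get("status", "affected")
        return aff.get("defaultStatus", "unknown")
    return "unknown"


def parse_cvss_vector(vector: str) -> Dict[str, str]:
    """'CVSS:3.1/AV:N/...' -> {'version': '3.1', 'AV': 'N', ...}."""
    head, *metrics = vector.split("/")
    out = {"version": head.split(":", 1)[1]}
    for m in metrics:
        k, v = m.split(":", 1)
        out[k] = v
    return out


def summarize(record: Dict) -> Dict:
    """Fields a triage queue wants: CWE ids, CVSS score and vector, SSVC points."""
    cna = record["containers"]["cna"]
    cwes = [d["cweId"] for pt in cna.get("problemTypes", [])
            for d in pt["descriptions"] if "cweId" in d]
    cvss = next((m["cvssV3_1"] for m in cna.get("metrics", []) if "cvssV3_1" in m), None)
    ssvc: Dict[str, str] = {}
    for adp in record["containers"].get("adp", []):
        for m in adp.get("metrics", []):
            other = m.get("other", {})
            if other.get("type") == "ssvc":
                for opt in other["content"]["options"]:
                    ssvc.update(opt)  # each option is a one-key dict
    return {"id": record["cveMetadata"]["cveId"], "cwe": cwes,
            "baseScore": cvss["baseScore"] if cvss else None,
            "cvss": parse_cvss_vector(cvss["vectorString"]) if cvss else {}, "ssvc": ssvc}


if __name__ == "__main__":
    for rec, vendor, product, ver in (
            (PRINTFUL_RECORD, "printful", "Printful Integration for WooCommerce", "2.2.11"),
            (PRINTFUL_RECORD, "printful", "Printful Integration for WooCommerce", "2.2.12"),
            (GITLAB_RECORD, "GitLab", "GitLab", "18.7.0"),
            (GITLAB_RECORD, "GitLab", "GitLab", "18.6.6")):
        print(summarize(rec)["id"], product, ver, "->", status_for(rec, vendor, product, ver))
```

The GitLab record is the instructive one: 18.6.6 is unaffected because it sits past the end of the first range and before the start of the second, while 18.7.0 is affected because the second range starts at "18.7", which the zero-padding makes equal to 18.7.0. Records whose `affected[]` carries `cpes` can be matched on those instead of the vendor/product strings; the two WordPress-style records here do not, so the string match is what is available.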

CVE-2025-12376 (GCVE-0-2025-12376)

Vulnerability from cvelistv5 – Published: 2025-11-18 13:54 – Updated: 2026-04-08 16:49
Title
Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery
Summary
The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Only valid JSON objects are rendered in the response.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Wordfence
Impacted products
Vendor Product Version
bplugins Icon List Block – Add Icon-Based Lists with Custom Styles Affected: 0 , ≤ 1.2.1 (semver)
Credits
Sushi Com Abacate

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12376",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T14:30:21.716111Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T14:30:38.295Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Icon List Block \u2013 Add Icon-Based Lists with Custom Styles",
          "vendor": "bplugins",
          "versions": [
            {
              "lessThanOrEqual": "1.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sushi Com Abacate"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Icon List Block \u2013 Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Only valid JSON objects are rendered in the response."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:49:08.188Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/438e2911-7663-44fe-883f-19ad29972aac?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/icon-list-block/tags/1.2.0/bplugins_sdk/inc/Base/FSActivate.php#L168"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-16T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2025-10-28T00:23:39.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-11-18T01:11:17.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Icon List Block \u2013 Add Icon-Based Lists with Custom Styles \u003c= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12376",
    "datePublished": "2025-11-18T13:54:50.042Z",
    "dateReserved": "2025-10-28T00:08:02.684Z",
    "dateUpdated": "2026-04-08T16:49:08.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12388 (GCVE-0-2025-12388)

Vulnerability from cvelistv5 – Published: 2025-11-05 06:35 – Updated: 2026-04-08 17:23
Title
B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery
Summary
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wp_remote_request() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Wordfence
Impacted products
Vendor Product Version
bplugins Carousel Block – Responsive Image and Content Carousel Affected: 0 , ≤ 1.1.5 (semver)
Credits
Sushi Com Abacate

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-05T14:23:20.515546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-05T14:23:30.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Carousel Block \u2013 Responsive Image and Content Carousel",
          "vendor": "bplugins",
          "versions": [
            {
              "lessThanOrEqual": "1.1.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sushi Com Abacate"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The B Carousel Block \u2013 Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wp_remote_request() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:23:27.070Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb5ca73c-1a1d-4a93-bbcb-8af606189f26?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3387643/b-carousel-block"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3388271/b-carousel-block"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-16T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2025-10-28T13:25:50.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-11-04T17:38:53.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "B Carousel Block \u2013 Responsive Image and Content Carousel \u003c= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12388",
    "datePublished": "2025-11-05T06:35:01.390Z",
    "dateReserved": "2025-10-28T13:10:16.204Z",
    "dateUpdated": "2026-04-08T17:23:27.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12560 (GCVE-0-2025-12560)

Vulnerability from cvelistv5 – Published: 2025-11-06 05:31 – Updated: 2026-04-08 16:44
Title
Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url
Summary
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Wordfence
Impacted products
Vendor Product Version
pr-gateway Blog2Social: Social Media Auto Post & Scheduler Affected: 0 , ≤ 8.6.0 (semver)
Credits
LionTree

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12560",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-06T15:40:45.427228Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-06T15:40:57.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Blog2Social: Social Media Auto Post \u0026 Scheduler",
          "vendor": "pr-gateway",
          "versions": [
            {
              "lessThanOrEqual": "8.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LionTree"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Blog2Social: Social Media Auto Post \u0026 Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:44:27.427Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea06520-d7a9-49bb-812e-2fa2e50d0ec2?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3389636/blog2social"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-31T18:17:50.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-11-05T17:30:36.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Blog2Social: Social Media Auto Post \u0026 Scheduler \u003c= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12560",
    "datePublished": "2025-11-06T05:31:24.932Z",
    "dateReserved": "2025-10-31T18:01:44.334Z",
    "dateUpdated": "2026-04-08T16:44:27.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12575 (GCVE-0-2025-12575)

Vulnerability from cvelistv5 – Published: 2026-02-11 11:34 – Updated: 2026-02-11 15:15
Title
Server-Side Request Forgery (SSRF) in GitLab
Summary
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
GitLab
References
URL Tags
https://gitlab.com/gitlab-org/gitlab/-/issues/579171 issue-tracking, permissions-required
https://hackerone.com/reports/3397752 technical-description, exploit, permissions-required
https://about.gitlab.com/releases/2026/02/10/patc…
Impacted products
Vendor Product Version
GitLab GitLab Affected: 18.0 , < 18.6.6 (semver)
Affected: 18.7 , < 18.7.4 (semver)
Affected: 18.8 , < 18.8.4 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Credits
Thanks [go7f0qho](https://hackerone.com/go7f0qho) for reporting this vulnerability through our HackerOne bug bounty program

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12575",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T15:15:19.004878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T15:15:26.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.6.6",
              "status": "affected",
              "version": "18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.7.4",
              "status": "affected",
              "version": "18.7",
              "versionType": "semver"
            },
            {
              "lessThan": "18.8.4",
              "status": "affected",
              "version": "18.8",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [go7f0qho](https://hackerone.com/go7f0qho) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-11T11:34:36.432Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #579171",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579171"
        },
        {
          "name": "HackerOne Bug Bounty Report #3397752",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3397752"
        },
        {
          "url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.6.6, 18.7.4, 18.8.4 or above."
        }
      ],
      "title": "Server-Side Request Forgery (SSRF) in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-12575",
    "datePublished": "2026-02-11T11:34:36.432Z",
    "dateReserved": "2025-10-31T21:03:48.878Z",
    "dateUpdated": "2026-02-11T15:15:26.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12800 (GCVE-0-2025-12800)

Vulnerability from cvelistv5 – Published: 2025-11-23 22:26 – Updated: 2026-04-08 16:55
Title
WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery
Summary
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. If the 'Unsafe features' option is explicitly enabled by an administrator, this issue becomes exploitable by Contributor+ attackers.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Wordfence
Impacted products
Vendor Product Version
gn_themes WP Shortcodes Plugin — Shortcodes Ultimate Affected: 0 , ≤ 7.4.5 (semver)
Credits
GABRIEL GERALDINO DE SOUZA

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12800",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T17:19:34.930874Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T17:19:43.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate",
          "vendor": "gn_themes",
          "versions": [
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "GABRIEL GERALDINO DE SOUZA"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. If the \u0027Unsafe features\u0027 option is explicitly enabled by an administrator, this issue becomes exploitable by Contributor+ attackers"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:55:40.023Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cbb7db4-bef7-4799-9b65-ebe77976e21c?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3397946/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-29T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2025-11-06T12:18:21.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-11-23T10:11:05.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate \u003c= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12800",
    "datePublished": "2025-11-23T22:26:39.686Z",
    "dateReserved": "2025-11-06T12:02:44.591Z",
    "dateUpdated": "2026-04-08T16:55:40.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12832 (GCVE-0-2025-12832)

Vulnerability from cvelistv5 – Published: 2025-12-08 21:46 – Updated: 2025-12-09 16:05
Title
IBM InfoSphere Information Server Server-Side Request Forgery
Summary
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
ibm
References
URL: https://www.ibm.com/support/pages/node/7253507 (tags: vendor-advisory, patch)
Impacted products
Vendor Product Version
IBM InfoSphere Information Server Affected: 11.7.0.0 , ≤ 11.7.1.6 (semver)
    cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
Credits
The vulnerability was reported to IBM by Sana Pc.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T15:24:40.372789Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T16:05:28.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"
          ],
          "product": "InfoSphere Information Server",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.7.1.6",
              "status": "affected",
              "version": "11.7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "The vulnerability was reported to IBM by Sana Pc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated\u0026nbsp;attacker to send unauthorized requests from the system, potentially leading to network enumeration or\u0026nbsp;facilitating other attacks.\u003c/p\u003e"
            }
          ],
          "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated\u00a0attacker to send unauthorized requests from the system, potentially leading to network enumeration or\u00a0facilitating other attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-08T21:46:55.839Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7253507"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes Product Version(s) APAR Remediation IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 DT454748 --Apply IBM InfoSphere Information Server version 11.7.1.0 --Apply IBM InfoSphere Information Server version 11.7.1.6 --Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 1 --Apply IBM InfoSphere DataStage Flow Designer security patch\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes Product Version(s) APAR Remediation IBM InfoSphere Information Server 11.7.0.0 to 11.7.1.6 DT454748 --Apply IBM InfoSphere Information Server version 11.7.1.0 --Apply IBM InfoSphere Information Server version 11.7.1.6 --Apply IBM InfoSphere Information Server 11.7.1.6 Service pack 1 --Apply IBM InfoSphere DataStage Flow Designer security patch"
        }
      ],
      "title": "IBM InfoSphere Information Server Server-Side Request Forgery",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-12832",
    "datePublished": "2025-12-08T21:46:55.839Z",
    "dateReserved": "2025-11-06T19:38:39.007Z",
    "dateUpdated": "2025-12-09T16:05:28.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12886 (GCVE-0-2025-12886)

Vulnerability from cvelistv5 – Published: 2026-03-28 02:26 – Updated: 2026-04-08 17:06
Title
Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path
Summary
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
Laborator Oxygen - WooCommerce WordPress Theme Affected: 0 , ≤ 6.0.8 (semver)
Credits
Ahmed Rayen Ayari

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T13:15:35.819105Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T14:53:49.448Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Oxygen - WooCommerce WordPress Theme",
          "vendor": "Laborator",
          "versions": [
            {
              "lessThanOrEqual": "6.0.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ahmed Rayen Ayari"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:06:00.297Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c83f430-8a4d-40fa-890c-387c787a3b55?source=cve"
        },
        {
          "url": "https://documentation.laborator.co/kb/oxygen/oxygen-release-notes/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-27T14:05:45.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Oxygen \u003c= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12886",
    "datePublished": "2026-03-28T02:26:37.080Z",
    "dateReserved": "2025-11-07T17:25:24.963Z",
    "dateUpdated": "2026-04-08T17:06:00.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12962 (GCVE-0-2025-12962)

Vulnerability from cvelistv5 – Published: 2025-11-18 08:27 – Updated: 2026-04-08 17:01
Title
Local Syndication <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode
Summary
The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the `url` parameter in the `[syndicate_local]` shortcode. This is due to the use of `wp_remote_get()` instead of `wp_safe_remote_get()` which lacks protections against requests to internal/private IP addresses and localhost. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services, scan internal networks, and access resources that should not be accessible from external networks.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
willbontrager Local Syndication Affected: 0 , ≤ 1.5a (semver)
Credits
Ivan Cese

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12962",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T14:48:27.969275Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T14:48:42.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Local Syndication",
          "vendor": "willbontrager",
          "versions": [
            {
              "lessThanOrEqual": "1.5a",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ivan Cese"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the `url` parameter in the `[syndicate_local]` shortcode. This is due to the use of `wp_remote_get()` instead of `wp_safe_remote_get()` which lacks protections against requests to internal/private IP addresses and localhost. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services, scan internal networks, and access resources that should not be accessible from external networks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:01:42.996Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7774cdfd-622a-4608-9efd-273923a0d0aa?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/local-syndication/tags/1.5/local_syndication.php#L64"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/local-syndication/tags/1.5/local_syndication.php#L41"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-17T20:14:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Local Syndication \u003c= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12962",
    "datePublished": "2025-11-18T08:27:32.912Z",
    "dateReserved": "2025-11-10T16:58:29.926Z",
    "dateUpdated": "2026-04-08T17:01:42.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13096 (GCVE-0-2025-13096)

Vulnerability from cvelistv5 – Published: 2026-02-02 20:56 – Updated: 2026-02-03 15:39
Title
XML eXternal Entity injection (XXE) vulnerability affects IBM Business Automation Workflow
Summary
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
ibm
References
URL: https://www.ibm.com/support/pages/node/7259321 (tags: vendor-advisory, patch)
Impacted products
Vendor Product Version
IBM Business Automation Workflow containers Affected: V25.0.0 , ≤ V25.0.0-IF002 (semver)
Affected: V24.0.1 , ≤ V24.0.1-IF005 (semver)
Affected: V24.0.0 , ≤ V24.0.0-IF007 (semver)
    cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:containers:*:*:*
    cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if008:*:*:containers:*:*:*
    cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:containers:*:*:*
    cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if006:*:*:containers:*:*:*
    cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:containers:*:*:*
    cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if003:*:*:containers:*:*:*
IBM Business Automation Workflow traditional Affected: 25.0.0
Affected: 24.0.1
Affected: 24.0.0
    cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*
    cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*
    cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:traditional:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13096",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-03T15:38:54.551059Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-03T15:39:59.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:containers:*:*:*",
            "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if008:*:*:containers:*:*:*",
            "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:containers:*:*:*",
            "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if006:*:*:containers:*:*:*",
            "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:containers:*:*:*",
            "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if003:*:*:containers:*:*:*"
          ],
          "product": "Business Automation Workflow containers",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "V25.0.0-IF002",
              "status": "affected",
              "version": "V25.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "V24.0.1-IF005",
              "status": "affected",
              "version": "V24.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "V24.0.0-IF007",
              "status": "affected",
              "version": "V24.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*",
            "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*",
            "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:traditional:*:*:*"
          ],
          "product": "Business Automation Workflow traditional",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "25.0.0"
            },
            {
              "status": "affected",
              "version": "24.0.1"
            },
            {
              "status": "affected",
              "version": "24.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Business Automation Workflow containers V25.0.0 through V25.0.0\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-IF007\u003c/span\u003e, V24.0.1 - V24.0.1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-IF007\u003c/span\u003e, V24.0.0 - V24.0.0\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-IF007\u003c/span\u003e and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A\u0026nbsp;remote attacker could exploit this vulnerability to expose sensitive information or consume memory\u0026nbsp;resources.\u003c/p\u003e"
            }
          ],
          "value": "IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A\u00a0remote attacker could exploit this vulnerability to expose sensitive information or consume memory\u00a0resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-02T20:56:48.318Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259321"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;as soon as practical.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eAffected Product(s)\u003c/th\u003e\u003cth\u003eVersion(s)\u003c/th\u003e\u003cth\u003eRemediation / Fix\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow containers\u003c/td\u003e\u003ctd\u003eV25.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes\"\u003e25.0.0-IF003\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow containers\u003c/td\u003e\u003ctd\u003eV24.0.1\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7183042\"\u003e24.0.1-IF006\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow containers\u003c/td\u003e\u003ctd\u003eV24.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7159792\"\u003e24.0.0-IF008\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow traditional\u003c/td\u003e\u003ctd\u003eV25.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;included in \u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25000-interim-fixes\"\u003e25.0.0-IF003\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow traditional \u003c/td\u003e\u003ctd\u003eV24.0.1\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;included in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24010-interim-fixes\"\u003e24.0.1-IF006\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow traditional \u0026nbsp;\u003c/td\u003e\u003ctd\u003eV24.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;included in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24000-interim-fixes\"\u003e24.0.0-IF008\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0as soon as practical.\n\nAffected Product(s)Version(s)Remediation / FixIBM Business Automation Workflow containersV25.0.0Apply  25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes IBM Business Automation Workflow containersV24.0.1Apply  24.0.1-IF006 https://www.ibm.com/support/pages/node/7183042 IBM Business Automation Workflow containersV24.0.0Apply  24.0.0-IF008 https://www.ibm.com/support/pages/node/7159792 IBM Business Automation Workflow traditionalV25.0.0Apply  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0included in  25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25000-interim-fixes IBM Business Automation Workflow traditional V24.0.1Apply  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0included in  24.0.1-IF006 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24010-interim-fixes IBM Business Automation Workflow traditional \u00a0V24.0.0Apply  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0included in  24.0.0-IF008 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24000-interim-fixes"
        }
      ],
      "title": "XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13096",
    "datePublished": "2026-02-02T20:56:48.318Z",
    "dateReserved": "2025-11-12T21:55:13.229Z",
    "dateUpdated": "2026-02-03T15:39:59.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.
