CVE-2025-11917 – The WPeMatico RSS Feed Fetcher plugin for WordP... (How to Fix)

Q: What is the severity of CVE-2025-11917?

CVE-2025-11917 has a CVSS score of 6.4 (MEDIUM). The WPeMatico RSS Feed Fetcher plugin for WordPress has a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users with Subscriber-level access or higher to make arbitrary web requests from the server. This could enable attackers to query internal services, potentially exposing sensitive information or modifying data. All WordPress sites using vulnerable versions of this plugin are affected.

📋 TL;DR

The WPeMatico RSS Feed Fetcher plugin for WordPress has a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users with Subscriber-level access or higher to make arbitrary web requests from the server. This could enable attackers to query internal services, potentially exposing sensitive information or modifying data. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:

WPeMatico RSS Feed Fetcher WordPress Plugin

Versions: All versions up to and including 2.8.11

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with WPeMatico plugin enabled. Any authenticated user (Subscriber role or higher) can exploit this vulnerability.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access internal services, steal credentials from metadata services, scan internal networks, or perform attacks against backend systems that are not internet-facing.

🟠

Likely Case

Information disclosure from internal services, reconnaissance of internal network structure, or limited data modification in vulnerable internal applications.

🟢

If Mitigated

Limited impact if internal services are properly segmented and authenticated, with network controls preventing arbitrary outbound requests.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is technically simple. The vulnerability is in a publicly accessible WordPress plugin function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.12 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.12

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find WPeMatico RSS Feed Fetcher. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 2.8.12+ from WordPress plugin repository and manually update.

🔧 Temporary Workarounds

Disable vulnerable function

all

Remove or restrict access to the wpematico_test_feed() function

Edit wpematico_functions.php and comment out lines 1249-1260 or add authentication/validation checks

Restrict user roles

all

Limit Subscriber role access or remove plugin from sites with untrusted users

Use WordPress role management plugins to restrict capabilities
Consider removing Subscriber role entirely if not needed

🧯 If You Can't Patch

Implement network segmentation to restrict outbound requests from web servers
Deploy web application firewall rules to block SSRF patterns and restrict internal network access

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for WPeMatico version. If version is 2.8.11 or lower, you are vulnerable.

Check Version:

wp plugin list --name=wpematico --field=version (if WP-CLI installed) or check WordPress admin interface

Verify Fix Applied:

After updating, verify plugin version shows 2.8.12 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual outbound HTTP requests from web server to internal IPs
Multiple requests to wp-admin/admin-ajax.php with wpematico_test_feed action
Requests to metadata services (169.254.169.254, 192.168.0.0/16, 10.0.0.0/8 ranges)

Network Indicators:

Web server making unexpected outbound HTTP requests to internal networks
Traffic to cloud metadata endpoints from web application server

SIEM Query:

source="web_server_logs" AND (uri="*admin-ajax.php*" AND params="*wpematico_test_feed*") OR (dest_ip IN ("169.254.169.254", "192.168.*", "10.*", "172.16.*"))

📊 Metadata

CVE ID: CVE-2025-11917

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-918

EPSS Score: 0.04% exploit probability (12.7th percentile)

Published: November 5, 2025

Last Updated: November 6, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11917, you might also want to check these: