CVE-2025-14793
📋 TL;DR
The DK PDF WordPress plugin is vulnerable to Server-Side Request Forgery (SSRF), which allows authenticated attackers (author level or higher) to make arbitrary web requests from the vulnerable server. This can be used to query or modify internal services that are normally unreachable from external networks. All WordPress sites running DK PDF plugin versions up to and including 2.3.0 are affected.
💻 Affected Systems
- DK PDF - WordPress PDF Generator
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive internal services, exfiltrate data from internal APIs, perform port scanning of internal networks, or interact with cloud metadata services to obtain credentials.
Likely Case
Attackers with author-level access could probe internal networks, access internal web applications, or interact with services like Redis, Elasticsearch, or databases that are only accessible internally.
If Mitigated
With proper network segmentation and internal service authentication, impact is limited to information disclosure about internal network structure and services.
🎯 Exploit Status
Exploitation requires authenticated access, but is straightforward once an attacker holds author-level credentials. SSRF flaws are commonly weaponized in real-world attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.1 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/dk-pdf
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'DK PDF - WordPress PDF Generator'.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin, then install a fresh copy from the WordPress repository.
🔧 Temporary Workarounds
Disable DK PDF Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate dk-pdf
Restrict Author Access
Review and minimize author-level user accounts
🧯 If You Can't Patch
- Implement network segmentation to isolate WordPress server from sensitive internal services
- Deploy web application firewall (WAF) with SSRF protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for DK PDF version. If version is 2.3.0 or lower, system is vulnerable.
Check Version:
wp plugin get dk-pdf --field=version
Verify Fix Applied:
Verify DK PDF plugin version is 2.3.1 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from WordPress server to internal IP addresses
- Multiple failed PDF generation attempts with unusual URLs in parameters
Network Indicators:
- WordPress server making HTTP requests to internal services (127.0.0.1, 10.x, 172.16.x, 192.168.x)
- Unusual traffic patterns from web server to non-standard ports
SIEM Query:
source="wordpress-logs" AND (url CONTAINS "dkpdf" OR plugin="dk-pdf") AND (request_uri CONTAINS "http://" OR request_uri CONTAINS "https://")
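The SIEM query above only tells you that a URL reached the DK PDF endpoint; what a responder actually wants to know is whether that URL pointed at an internal address. The script below, an added example that is not part of this advisory or of the DK PDF plugin, runs that check over constructed access-log lines: it implements the same filter as the query (path contains "dkpdf", a parameter value carries "http://" or "https://") and then classifies the target against the loopback, RFC 1918 and link-local ranges listed under Network Indicators. The "combined" log layout and the parameter names `dkpdf-action` and `source` in the sample lines are assumptions; the advisory does not name the vulnerable parameter, so substitute whatever your own logs show.

```python
"""Detection helper for SSRF attempts against the DK PDF endpoint (CVE-2025-14793).

Added example for this advisory; it is not code from the DK PDF plugin, WordPress
or Wordfence. Assumptions: web-server access logs in the common Apache/nginx
"combined" layout, and hypothetical query-parameter names in the constructed
sample lines (the advisory does not name the vulnerable parameter).
"""
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Address blocks a server-side fetch should never reach: loopback, RFC 1918
# private ranges, link-local (cloud metadata services live at 169.254.169.254)
# and their IPv6 counterparts. Extend with the deployment's real internal ranges.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# "combined" access-log prefix: client ident user [time] "METHOD target HTTP/x" status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_target(url: str) -> str:
    """Classify a URL found in a request parameter as 'internal', 'external' or 'invalid'.

    Only IP literals are classified, so this runs offline. A hostname is reported
    as 'external'; an egress guard in production must resolve it and check every
    returned address (and check again at connect time, because of DNS rebinding).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "invalid"
    try:
        addr = ipaddress.ip_address(parts.hostname)  # urlsplit strips [] from IPv6 literals
    except ValueError:
        return "external"  # a hostname, not an IP literal
    return "internal" if any(addr in net for net in INTERNAL_NETWORKS) else "external"


def scan_access_log(lines):
    """Return one record per URL-valued parameter on requests to the DK PDF endpoint.

    This is the advisory's SIEM query (path contains "dkpdf" and a parameter value
    starts with "http://" or "https://") with the target address classified on top.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or "dkpdf" not in m.group("target").lower():
            continue
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if value.lower().startswith(("http://", "https://")):
                hits.append({
                    "client": m.group("client"),
                    "user": m.group("user"),
                    "status": int(m.group("status")),
                    "param": name,
                    "url": value,
                    "verdict": classify_target(value),
                })
    return hits


def internal_hits(lines):
    """Only the records whose URL points at an internal address: the alerts worth raising."""
    return [h for h in scan_access_log(lines) if h["verdict"] == "internal"]


# Constructed sample log (not real traffic): three requests aimed at internal
# services (Redis and Elasticsearch ports, the metadata address), one legitimate
# external fetch, one unrelated login request.
SAMPLE_LOG = """\
203.0.113.7 - author1 [12/Jan/2025:10:01:05 +0000] "GET /?dkpdf-action=print&source=http%3A%2F%2F127.0.0.1%3A6379%2F HTTP/1.1" 200 512
203.0.113.7 - author1 [12/Jan/2025:10:01:09 +0000] "GET /?dkpdf-action=print&source=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 770
203.0.113.7 - author1 [12/Jan/2025:10:01:12 +0000] "GET /?dkpdf-action=print&source=http%3A%2F%2F%5B%3A%3A1%5D%3A9200%2F HTTP/1.1" 500 0
198.51.100.9 - editor2 [12/Jan/2025:10:02:30 +0000] "GET /?dkpdf-action=print&source=https%3A%2F%2Fexample.com%2Ffeed HTTP/1.1" 200 9031
198.51.100.9 - - [12/Jan/2025:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3012
"""

if __name__ == "__main__":
    for hit in internal_hits(SAMPLE_LOG.splitlines()):
        print(f"ALERT client={hit['client']} user={hit['user']} "
              f"{hit['param']}={hit['url']} status={hit['status']}")
```

Two practical points. First, a 500 status on one of these requests is still an alert: the internal service answered with something the PDF renderer could not use, but the request left the server, which is exactly the "failed PDF generation attempts with unusual URLs" indicator above. Second, `classify_target` is also the shape of the check a WAF rule or egress guard applies under "If You Can't Patch", with one difference: at that layer you are looking at a live request, so a hostname must be resolved and every returned address checked against the same ranges, rather than being passed through as "external".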
🔗 References
- https://plugins.trac.wordpress.org/browser/dk-pdf/tags/2.3.0/modules/PDF/DocumentBuilder.php#L213
- https://plugins.trac.wordpress.org/browser/dk-pdf/tags/2.3.0/templates/dkpdf-index.php#L134
- https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/modules/Frontend/WordPressIntegration.php?marks=22-25#L22
- https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/modules/PDF/Generator.php?marks=24-56#L24
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b062f72a-542c-4212-af83-4faefbf69bd7?source=cve