CWE-918: Server-Side Request Forgery (SSRF)

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the WappPress WordPress plugin. Attackers can exploit this to make the vulner...

This Server-Side Request Forgery (SSRF) vulnerability in the Converter for Media WordPress plugin allows unauthenticated attackers to make arbitrary w...

This Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core WordPress plugin allows attackers to make unauthorized requests fr...

This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks via the 'nice_links' feature in the Better M...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in BeyondInsight HTTP-based connectors that allows attackers to make arbitrary H...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in ContiNew Admin's storage management module. Attackers can exploit the URI.cre...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in ZenTao's Webhook Module. Attackers can exploit the fetchHook function to make...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in InvoiceNinja's migration import functionality. Attackers can manipulate the c...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in go-sonic's Theme Fetching API. Attackers can manipulate the 'uri' parameter i...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in xerrors Yuxi-Know software up to version 0.4.0. Attackers can manipulate the ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in dayrui XunRuiCMS up to version 4.7.1. Attackers can exploit this by manipulat...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in dayrui XunRuiCMS up to version 4.7.1. The flaw allows attackers to make unaut...

This vulnerability allows remote attackers to perform server-side request forgery (SSRF) attacks against samanhappy MCPHub installations up to version...

This CVE describes a blind Server-Side Request Forgery (SSRF) vulnerability in TCL 65C655 Smart TVs that allows unauthenticated attackers to make the ...

This vulnerability allows remote attackers to perform server-side request forgery (SSRF) attacks against SeriaWei ZKEACMS installations up to version ...

This vulnerability in Magicblack MacCMS 2025.1000.4050 allows remote attackers to perform server-side request forgery (SSRF) by manipulating the 'cjur...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in kodbox 1.61's download handler. Attackers can manipulate the 'url' parameter ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in HuangDou UTCMS 9 that allows attackers to manipulate the UPDATEURL parameter ...

This critical Server-Side Request Forgery (SSRF) vulnerability in Vvveb's Drag-and-Drop Editor allows attackers to make unauthorized requests from the...

This Server-Side Request Forgery (SSRF) vulnerability in WonderCMS v3.4.3 allows attackers to force the application to make arbitrary HTTP requests to...

This SSRF vulnerability in Seriously Simple Podcasting WordPress plugin allows attackers to make unauthorized requests from the server to internal or ...

This CVE describes a server-side request forgery (SSRF) vulnerability in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. An auth...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Emplibot WordPress plugin that allows authenticated administrators to mak...

This SSRF vulnerability in Icegram Express Pro WordPress plugin allows attackers to make unauthorized requests from the vulnerable server to internal ...

This SSRF vulnerability in the MakeStories WordPress plugin allows attackers to make unauthorized requests from the server to internal or external sys...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Skimlinks Affiliate Marketing Tool WordPress plugin, allowing attackers t...

This Server-Side Request Forgery (SSRF) vulnerability in the Beaf WordPress plugin allows attackers to make the server send unauthorized requests to i...

This Server-Side Request Forgery (SSRF) vulnerability in the SEO Backlink Monitor WordPress plugin allows attackers to make unauthorized requests from...

This SSRF vulnerability in WP Bannerize Pro allows attackers to make the WordPress server send unauthorized requests to internal or external systems. ...

This Server-Side Request Forgery (SSRF) vulnerability in the Solace Extra WordPress plugin allows attackers to make unauthorized requests from the vul...

This vulnerability in Cursor code editor versions below 1.3 allows attackers to exfiltrate sensitive information via Mermaid diagram image rendering. ...

This SSRF vulnerability in ThimPress WP Pipes WordPress plugin allows attackers to make unauthorized requests from the server to internal or external ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Mobile Security Framework (MobSF) where the mitigation for a previous SSRF vu...

This Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio's Metform WordPress plugin allows attackers to make the vulnerable server send HT...

A Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz WordPress plugin allows attackers to make unauthorized requests from th...

This Server-Side Request Forgery (SSRF) vulnerability in the WordPress Comment Edit Core plugin allows attackers to make the vulnerable server send un...

This Server-Side Request Forgery (SSRF) vulnerability in the BlossomThemes Email Newsletter WordPress plugin allows attackers to make the server send ...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Ninja Tables WordPress plugin by WPManageNinja LLC. It allows attackers t...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Church Admin WordPress plugin. It allows attackers to make the vulnerable...

This SSRF vulnerability in a-blog CMS allows authenticated administrators to read arbitrary files on the server and access internal network resources....

This vulnerability allows authenticated attackers in SPIP's private area to perform blind Server-Side Request Forgery (SSRF) when editing syndicated s...

This vulnerability allows authenticated WordPress users with Contributor-level permissions or higher to perform Server-Side Request Forgery attacks ag...

Tiny File Manager versions up to 2.6 contain a server-side request forgery (SSRF) vulnerability in the URL upload feature. Attackers can bypass URL va...

The Featured Image from URL (FIFU) WordPress plugin up to version 5.3.1 has a Server-Side Request Forgery vulnerability in its Elementor widget integr...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Hemmelig's webhook URL validation that allows authenticated users to bypass I...

The Prime Slider plugin for WordPress has a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users with subscriber-level acc...

This SSRF vulnerability in LinkAce allows authenticated attackers to make the application server send HTTP requests to internal network resources, ena...

This vulnerability in SAP BI Platform allows attackers to modify the LogonToken IP address for OpenDoc, potentially redirecting ping requests to diffe...

The B Slider WordPress plugin versions ≤2.0.0 contain a Server-Side Request Forgery (SSRF) vulnerability in the fs_api_request function. Authenticat...

This vulnerability allows attackers to perform server-side request forgery (SSRF) attacks against NukeViet CMS installations. Attackers can manipulate...