inc2734 - Security Researcher - Exploit Intelligence Platform

CVE-2025-10137 WRITEUP MEDIUM WRITEUP

Snow Monkey Theme <29.1.5 - SSRF

The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVSS 5.4

View Code

CVE-2024-1995 WRITEUP MEDIUM WRITEUP

WordPress <4.2.2 - Info Disclosure

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above, to retrieve post content that is password protected and/or private.

CVSS 4.3

View Code

CVE-2025-10137 WRITEUP MEDIUM WRITEUP

Snow Monkey Theme <29.1.5 - SSRF

The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVSS 5.4

View Code