CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,698 vulnerabilities with CWE-918
CVE-2025-64163 CRITICAL
dataease < 2.10.15 - Server-Side Request Forgery via DNS Protocol
CVSS 9.8
CVE-2025-12388 MEDIUM
Carousel Block <= 1.1.5 - Authenticated SSRF via wp_remote_request()
CVSS 6.4
CVE-2025-11917 MEDIUM
WPeMatico RSS Feed Fetcher <2.8.11 - SSRF
CVSS 6.4
CVE-2025-62719 MEDIUM
LinkAce < 2.4.0 - Authenticated Server-Side Request Forgery via HTML Keyword Fetch
CVSS 4.3
CVE-2025-60319 MEDIUM
PerfreeBlog 4.0.11 - Server-Side Request Forgery via UploadAttachByUrl API Endpoint
CVSS 6.5
CVE-2025-60898 MEDIUM
Halo CMS 2.21 - Unauthenticated Server-Side Request Forgery via Thumbnail URI Endpoint
CVSS 5.8
CVE-2025-59837 HIGH
Astro 5.13.4-5.13.9 - Server-Side Request Forgery via Backslash Bypass in Image Proxy
CVSS 7.2
CVE-2025-36085 MEDIUM
IBM Concert 1.0.0-2.0.0 - Authenticated Server-Side Request Forgery
CVSS 5.4
CVE-2025-62988 MEDIUM
Codeless Slider Templates <1.0.4 - SSRF
CVSS 4.9
CVE-2025-10861 HIGH
Popup builder with Gamification, Multi-Step Popups, Page-Level Targ...
CVSS 7.5
CVE-2025-5350 MEDIUM
WSO2 API Control Plane - Authenticated Server-Side Request Forgery and Reflected Cross-Site Scripting via Try-It Feature
CVSS 5.9
CVE-2025-12136 MEDIUM
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent <5.2.4 - SSRF
CVSS 6.8
CVE-2025-10874 MEDIUM
WordPress Orbit Fox < 3.0.2 - Stock Photo Import Server-Side Request Forgery
CVSS 5.5
CVE-2025-59503 CRITICAL
Azure Compute Gallery - Unauthenticated Server-Side Request Forgery
CVSS 10.0
CVE-2025-11128 MEDIUM
Feedzy WordPress Plugin <=5.1.0 - Subscriber Server-Side Request Forgery
CVSS 5.0
CVE-2025-10705 MEDIUM
MxChat - AI Chatbot for WordPress <2.4.6 - SSRF
CVSS 5.3
CVE-2025-62612 MEDIUM
fastgpt < 4.11.1 - Server-Side Request Forgery via Workflow File Reading Node
CVSS 5.3
CVE-2025-49917 MEDIUM
Icegram Express Pro <= 5.9.5 - Server-Side Request Forgery
CVSS 4.4
CVE-2025-49374 MEDIUM
Captcha.eu <= 1.0.61 - Server-Side Request Forgery
CVSS 5.4
CVE-2025-62763 MEDIUM
Zimbra Collaboration <10.1.12 - SSRF
CVSS 5.0
CVE-2025-11536 MEDIUM
Element Pack Addons for Elementor <8.2.5 - SSRF
CVSS 5.0
CVE-2025-61488 HIGH
SLiMS 9 Bulian 9.6.1 - Server-Side Request Forgery via scrap_image.php
CVSS 7.6
CVE-2025-11361 MEDIUM
Gutenberg Essential Blocks <= 5.7.1 - Authenticated SSRF via eb_save_ai_generated_image
CVSS 6.4
CVE-2025-62505 LOW
LobeChat < 1.136.2 - Server-Side Request Forgery via Tools Search CrawlPages Endpoint
CVSS 3.0
CVE-2025-34282 CRITICAL
ThingsBoard < 4.2.1 - Server-Side Request Forgery via SVG Image Upload
CVSS 9.1