CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,708 vulnerabilities with CWE-918
CVE-2025-31527 MEDIUM
Kishan WP Link Preview <1.4.1 - SSRF
CVSS 6.4
CVE-2025-28096 MEDIUM
OneNav 1.1.0 Custom Headers - Server-Side Request Forgery
CVSS 5.4
CVE-2025-28094 MEDIUM
ShopXO 6.4.0 Multiple Functions - Server-Side Request Forgery and Cross-Site Scripting
CVSS 6.5
CVE-2025-28093 MEDIUM
ShopXO 6.4.0 Email Settings - Server-Side Request Forgery
CVSS 6.3
CVE-2025-28092 MEDIUM
ShopXO 6.4.0 Image Upload - Server-Side Request Forgery
CVSS 6.3
CVE-2025-28091 CRITICAL
MacCMS Add Article - Server-Side Request Forgery
CVSS 9.1
CVE-2025-28090 CRITICAL
MacCMS Collection Custom Interface - Server-Side Request Forgery
CVSS 9.1
CVE-2025-28089 CRITICAL
MacCMS Scheduled Task - Server-Side Request Forgery
CVSS 9.1
CVE-2025-31076 MEDIUM
WP Compress for MainWP <= 6.30.03 - Server-Side Request Forgery
CVSS 4.9
CVE-2025-22672 MEDIUM
SuitePlugins Video & Photo Gallery - SSRF
CVSS 4.9
CVE-2025-30914 MEDIUM
Metform <= 3.9.2 - Server-Side Request Forgery
CVSS 4.4
CVE-2025-2835 MEDIUM
zhyd oneblog < 2.3.9 - Server-Side Request Forgery via autoLink Function
CVSS 4.3
CVE-2025-27406 HIGH
Icinga Reporting 0.10.0-1.0.2 - Stored Cross-Site Scripting via Template Injection
CVSS 7.6
CVE-2025-1912 HIGH
Product Import Export for WooCommerce - SSRF
CVSS 7.6
CVE-2025-2109 MEDIUM
WP Compress < 6.30.15 - Unauthenticated Server-Side Request Forgery via init() Function
CVSS 5.8
CVE-2025-2691 HIGH
nossrf < 1.0.4 - Server-Side Request Forgery via Hostname Bypass
CVSS 8.2
CVE-2025-1970 HIGH
WordPress Export and Import Users and Customers <= 2.6.2 - Admin Server-Side Request Forgery
CVSS 7.6
CVE-2025-27888 MEDIUM
Apache Druid - Server-Side Request Forgery
CVSS 5.4
CVE-2025-0454 HIGH
agpt/autogpt_platform < 0.4.0 - Server-Side Request Forgery via Hostname Confusion
CVSS 7.5
CVE-2025-0188 MEDIUM
gaizhenbiao/chuanhuchatgpt 20240914 - SSRF
CVSS 6.5
CVE-2025-0184 MEDIUM
langgenius/dify < 0.11.0 - Server-Side Request Forgery via DOCX External Relationship
CVSS 6.5
CVE-2025-27777 HIGH
Applio < 3.2.7 - Server-Side Request Forgery in model_download.py
CVSS 7.5
CVE-2025-27776 MEDIUM
Applio < 3.2.7 - Server-Side Request Forgery and Arbitrary File Write in model_download.py
CVSS 5.3
CVE-2025-27775 MEDIUM
Applio < 3.2.7 - Server-Side Request Forgery and Arbitrary File Write via model_download.py
CVSS 5.3
CVE-2025-27774 MEDIUM
Applio < 3.2.7 - Server-Side Request Forgery and Arbitrary File Write via model_download.py
CVSS 5.3