CVE-2025-60175

MEDIUM

WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability

Title source: cna

Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.

Core 1

Core References

Vdb Entry vdb-entry

CVSS v3 4.4

EPSS 0.0017

EPSS Percentile 6.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-918

Status published

Products (1)

vynnus/PopAd < 1.0.4

Published Jun 15, 2026

Tracked Since Jun 16, 2026