CVE-2025-49877
BaseFortify
Publication date: 2025-06-17
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in the WordPress ProfileGrid plugin up to version 5.9.5.2. It allows an attacker to make the affected website send requests to arbitrary domains controlled by the attacker. This can be used to gather sensitive internal information or interact with internal services that are not normally accessible. [1]
How can this vulnerability impact me? :
The impact of this vulnerability includes potential exposure of sensitive information from other services running on the same system as the affected website. Attackers with subscriber-level privileges can exploit this SSRF vulnerability to interact with internal services, which may lead to information disclosure. Although the severity is considered low (CVSS 4.9), exploitation could still compromise internal data or services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SSRF vulnerability involves monitoring for unusual outbound requests from the affected ProfileGrid plugin, especially requests to attacker-controlled or unexpected domains. Since exploitation requires subscriber-level privileges, reviewing logs for suspicious user activity and outbound HTTP requests can help. Specific commands are not provided in the resources, but general approaches include analyzing web server logs for unexpected external requests and using network monitoring tools to detect anomalous outbound traffic. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the ProfileGrid plugin to version 5.9.5.3 or later, which contains the fix for this SSRF vulnerability. If immediate updating is not possible, applying Patchstack's virtual patching (vPatching) can automatically mitigate the vulnerability before official patches are applied. Additionally, monitoring for exploitation attempts and preparing for professional incident response and server-side malware scanning in case of compromise is recommended. [1]