CVE-2025-49985
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
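The CWE-918 description above is the weakness at the root of this CVE: a server fetches a URL it was handed without confirming the destination is one it should reach. The following is an added example (not code from the Auto Upload Images plugin, BaseFortify or Patchstack) of the checks a server-side fetch of a user-supplied URL should perform before connecting. The resolver table `FAKE_DNS`, the hostnames and the addresses in it are constructed so the example runs offline; `real_resolve` is the production equivalent.

```python
"""Defensive URL validation for server-side fetches (CWE-918).

Added example, not from the plugin or the advisory. Validates scheme,
userinfo, port and every address the hostname resolves to, so a URL
that points at loopback, RFC 1918 space, link-local (cloud metadata)
or an IPv4-mapped IPv6 address is refused before any connection.
"""
import ipaddress
import socket
from typing import Callable, List, Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed stand-in for DNS so the example runs offline (assumption).
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "internal.example.com": ["10.0.0.5"],
    # A name with one public and one loopback answer (rebinding shape).
    "rebind.example.com": ["93.184.216.34", "127.0.0.1"],
    "v6mapped.example.com": ["::ffff:169.254.169.254"],
}


def fake_resolve(hostname: str) -> List[str]:
    """Offline resolver: returns every constructed answer for hostname."""
    return FAKE_DNS.get(hostname, [])


def real_resolve(hostname: str) -> List[str]:
    """Production resolver: every A/AAAA answer for hostname."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def is_public_address(addr: str) -> bool:
    """True only for addresses outside private, loopback, link-local,
    multicast, reserved and unspecified ranges."""
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to the embedded address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url: str,
                       resolve: Callable[[str], List[str]] = fake_resolve
                       ) -> Optional[str]:
    """Return None if url may be fetched, otherwise the reason it was refused."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme not allowed: {parts.scheme!r}"
    if parts.username or parts.password:
        return "userinfo in URL not allowed"
    host = parts.hostname
    if not host:
        return "missing hostname"
    if parts.port not in (None, 80, 443):
        return f"port not allowed: {parts.port}"
    # A literal IP address never touches DNS; check it directly.
    try:
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        return f"hostname does not resolve: {host}"
    # Every answer must be public; one bad answer refuses the whole URL.
    for addr in addrs:
        if not is_public_address(addr):
            return f"resolves to non-public address {addr}"
    return None


if __name__ == "__main__":
    for candidate in ("https://cdn.example.com/a.png",
                      "http://internal.example.com/",
                      "http://[::1]/",
                      "file:///etc/passwd"):
        print(candidate, "->", validate_fetch_url(candidate) or "ok")
```

Two points a practitioner should carry over: the fetch must connect to the address that was validated rather than resolving the hostname a second time, otherwise a name that changes between the check and the connection defeats the check; and redirects must be re-validated hop by hop, since the first URL being public says nothing about where a 302 leads.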
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in the WordPress Auto Upload Images plugin (up to version 3.3.2). It allows an attacker with Contributor privileges to make the affected website send requests to arbitrary domains controlled by the attacker. This can lead to exposure of sensitive information from other services running on the same system. The vulnerability is classified under OWASP Top 10 category A1: Broken Access Control and has a low severity score of 4.9. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability can allow an attacker to make the website send requests to attacker-controlled domains, potentially exposing sensitive information from other services on the same system. Although the severity is rated low and exploitation is considered unlikely, the risk remains because the plugin has been abandoned and no official patch is available. Users are advised to replace the plugin urgently to mitigate this risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detecting exploitation of this SSRF vulnerability involves monitoring for unusual outbound requests from the affected WordPress site to arbitrary or attacker-controlled domains. Since exploitation requires the Contributor role, reviewing which accounts hold that role and what they have done recently may help. Network monitoring tools can detect unexpected HTTP requests originating from the server. The resources provide no specific commands. For incident response, professional server-side malware scanning is recommended rather than relying on plugin-based scanners. [1]
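The answer above names the signal (outbound requests from the web server to destinations it has no reason to contact) but no commands. As an added example, not from BaseFortify, Patchstack or the resources cited, here is a review of egress proxy logs that flags requests from the WordPress host to destinations outside an allowlist, and separately marks those aimed at internal address space. The log line format, the allowlist `EXPECTED_HOSTS`, the user names and every line in `SAMPLE_LOG` are constructed for the example; the regex needs adapting to whatever egress proxy or firewall log you actually have.

```python
"""Egress review for a WordPress host (added example, constructed data).

Flags outbound HTTP requests whose destination is not an expected host,
and labels those that target private, loopback or link-local addresses
as 'internal', which is the pattern an SSRF against co-hosted services
would leave in an egress log.
"""
import ipaddress
import re
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

# Constructed log format (assumption):
# "<iso-ts> src=<ip> user=<wp-user> method=<m> url=<url> status=<code>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) method=(?P<method>\S+) "
    r"url=(?P<url>\S+) status=(?P<status>\d+)$"
)

# Destinations this site legitimately contacts (assumption; tune per site).
EXPECTED_HOSTS = {"api.wordpress.org", "downloads.wordpress.org"}

# Constructed sample: two update checks and three requests triggered by a
# Contributor account, none of which the site should be making.
SAMPLE_LOG = """\
2025-06-21T10:00:01Z src=10.1.2.3 user=system method=GET url=https://api.wordpress.org/core/version-check/1.7/ status=200
2025-06-21T10:05:12Z src=10.1.2.3 user=contrib_jane method=GET url=http://169.254.169.254/latest/meta-data/ status=200
2025-06-21T10:05:40Z src=10.1.2.3 user=contrib_jane method=GET url=http://10.0.0.8:8080/status status=200
2025-06-21T10:06:03Z src=10.1.2.3 user=contrib_jane method=GET url=http://collector.example.net/pixel.png status=200
2025-06-21T10:07:00Z src=10.1.2.3 user=system method=GET url=https://downloads.wordpress.org/plugin/x.zip status=200
"""


def classify_destination(url: str, expected_hosts: Iterable[str]) -> str:
    """Return 'expected', 'internal' or 'unexpected' for a request URL."""
    host = urlsplit(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname rather than a literal address: allowlist decides.
        return "expected" if host in expected_hosts else "unexpected"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "internal"
    return "unexpected"


def review_egress(log_text: str,
                  expected_hosts: Iterable[str] = EXPECTED_HOSTS
                  ) -> List[Dict[str, str]]:
    """Parse log lines and return one finding per request that is not expected."""
    expected = set(expected_hosts)
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; count these separately in real use
        verdict = classify_destination(m["url"], expected)
        if verdict != "expected":
            findings.append({"ts": m["ts"], "user": m["user"],
                             "url": m["url"], "verdict": verdict})
    return findings


def flagged_by_user(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per WordPress user, to cross-check against role assignments."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["user"]] = counts.get(f["user"], 0) + 1
    return counts


if __name__ == "__main__":
    results = review_egress(SAMPLE_LOG)
    for f in results:
        print(f"{f['ts']} {f['verdict']:10} user={f['user']} {f['url']}")
    print(flagged_by_user(results))
```

The per-user tally is the bridge to the role review the answer recommends: a Contributor-level account whose actions coincide with internal-address requests from the server is the first thing to look at. The check keys on literal addresses for the 'internal' verdict; a hostname that resolves to an internal address would show up only as 'unexpected', so pair this with resolver logs if you have them.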
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable Auto Upload Images plugin, as it is abandoned and has no official patch. Simply deactivating the plugin is insufficient unless a virtual patch (vPatch) is applied. Patchstack offers automated vPatching as a rapid and effective mitigation method without performance loss. Users are advised to urgently replace the plugin with an alternative solution to eliminate the security risk. [1]