CVE-2025-49418
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49418 is a Server-Side Request Forgery (SSRF) vulnerability in the WordPress Allmart plugin version 1.0.0 and earlier. It allows an attacker to make the affected website send requests to arbitrary domains controlled by the attacker. This can lead to exposure of sensitive information from other services running on the same system. The vulnerability falls under the OWASP Top 10 category A1: Broken Access Control and requires only subscriber-level privileges to exploit. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to make your website send requests to attacker-controlled domains, potentially exposing sensitive information from other internal services on the same system. This can lead to unauthorized data disclosure and may compromise the security of your server environment. Since the vulnerability requires only subscriber-level privileges, it can be exploited relatively easily if an attacker gains such access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SSRF vulnerability involves monitoring for unusual outbound HTTP requests from the affected WordPress site to arbitrary or attacker-controlled domains. Since the vulnerability allows an attacker to make the server send requests to arbitrary domains, network monitoring tools or logs can be inspected for unexpected external requests originating from the server. Additionally, professional incident response and server-side malware scanning are recommended, as plugin-based malware scanners may be unreliable. Specific commands are not provided in the resources. [1]
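One way to implement the outbound-request monitoring described above, as an added example that is not from BaseFortify, Patchstack or the Allmart plugin: it parses constructed egress-proxy log lines (an assumed format) recorded on the WordPress host and flags requests whose destination is outside an assumed allowlist of expected hosts, or is a loopback, private or link-local address (the "other services on the same system" case).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed allowlist of hosts this site is expected to contact; tune per deployment.
EXPECTED_HOSTS = {"api.wordpress.org", "downloads.wordpress.org", "vendor-api.example"}

# Constructed sample in an assumed egress-proxy format:
# "<timestamp> <source process> <method> <url> <status>"
SAMPLE_LOG = """\
2025-07-05T10:00:01Z php-fpm GET https://api.wordpress.org/core/version-check/1.7/ 200
2025-07-05T10:00:07Z php-fpm GET http://169.254.169.254/latest/meta-data/ 200
2025-07-05T10:00:09Z php-fpm GET http://127.0.0.1:6379/ 200
2025-07-05T10:00:15Z php-fpm GET https://attacker-controlled.test/collect?site=victim 200
2025-07-05T10:00:20Z php-fpm POST https://downloads.wordpress.org/plugin/x.zip 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proc>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_target(url):
    """Return a reason string if the destination is unexpected, else None."""
    host = urlsplit(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # hostname rather than a literal address
    if ip is not None and not ip.is_global:
        # Loopback, RFC 1918 and link-local (e.g. cloud metadata) targets mean the
        # server was made to talk to an internal service.
        return f"internal destination {ip}"
    if host not in EXPECTED_HOSTS:
        # A hostname that resolves to an internal address would still pass this
        # check; resolve and re-apply classify_target on the address when possible.
        return f"unexpected external host {host}"
    return None


def find_suspicious(log_text):
    """Return (timestamp, url, reason) for every request that needs a look."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the expected format
        reason = classify_target(match["url"])
        if reason:
            findings.append((match["ts"], match["url"], reason))
    return findings
```

Run against the sample, the two allowlisted wordpress.org requests pass and the metadata, Redis-port and attacker-host requests are reported.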
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) released by Patchstack, which blocks attack attempts until an official patch is available. Users should implement this automated virtual patching to protect their websites from exploitation. Since no official fix or updated plugin version is currently available, applying the vPatch is critical. Additionally, users are advised to seek professional incident response and perform server-side malware scanning if compromise is suspected. [1]