CVE-2025-7813
BaseFortify
Publication date: 2025-08-23
Last updated on: 2025-08-25
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wordpress | * |
| eventin | event_tickets | * |
| eventin | registrations | * |
| eventin | event_booking | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in the Eventin WordPress plugin (versions up to 4.0.37) via the proxy_image function. It allows unauthenticated attackers to make web requests from the web application to arbitrary locations. This means attackers can potentially query and modify information from internal services that are not normally accessible externally.
How can this vulnerability impact me? :
The SSRF vulnerability can allow attackers to access internal services behind firewalls or on private networks by making the server perform requests on their behalf. This can lead to unauthorized information disclosure or modification of internal data, potentially compromising the confidentiality and integrity of your systems.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP requests to the WordPress plugin's image proxy endpoint using the GET parameter 'action=proxy_image' with arbitrary URLs. You can look for unusual outbound requests originating from your web application to internal or external URLs via this parameter. For example, using network monitoring tools or web server logs, search for requests like: GET /wp-admin/admin-ajax.php?action=proxy_image&url=... Additionally, you can use command-line tools such as curl to test the proxy_image endpoint with various URLs to see if it improperly fetches arbitrary locations. Example command: curl -v 'https://yourwordpresssite.com/wp-admin/admin-ajax.php?action=proxy_image&url=http://example.com/malicious.jpg' Monitoring logs for such requests or unexpected internal network calls can help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Eventin plugin to version 4.0.38 or later, where enhanced validation of the proxy_image function has been implemented. This update restricts image URL fetching to a fixed domain (https://product.themewinter.com), enforces HTTPS, validates URL format strictly, limits file size to 5MB, and restricts allowed MIME types to specific image formats. If updating immediately is not possible, consider disabling or restricting access to the proxy_image endpoint (e.g., via web server rules or firewall) to prevent unauthenticated attackers from exploiting the SSRF vulnerability. Additionally, monitor and block suspicious requests targeting the 'action=proxy_image' parameter. [2]