CVE-2025-10705
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-10-27
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | mxchat-basic | 2.4.1 |
| wordfence | mxchat | 2.4.6 |
| wordfence | mxchat | 2.4.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Blind Server-Side Request Forgery (SSRF) in the MxChat β AI Chatbot for WordPress plugin, affecting all versions up to 2.4.6. It occurs because the plugin does not properly validate user-supplied URLs in its PDF processing functionality. As a result, unauthenticated attackers can exploit the mxchat_handle_chat_request AJAX action to make the WordPress server send HTTP requests to arbitrary destinations, potentially accessing internal or restricted network resources. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to make the WordPress server perform unauthorized HTTP requests to arbitrary locations, including internal network resources that are normally inaccessible externally. This can lead to information disclosure, internal network scanning, or exploitation of other internal services. Since the attacker does not need to be authenticated, it increases the risk of exploitation. However, the impact on confidentiality is limited (CVSS Confidentiality impact is Low), and there is no direct impact on integrity or availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the MxChat β AI Chatbot for WordPress plugin is installed and running a version up to and including 2.4.6. Since the vulnerability involves the AJAX action 'mxchat_handle_chat_request' allowing SSRF via PDF URL processing, monitoring or logging HTTP requests made by the WordPress server to arbitrary destinations triggered by this AJAX action could help detect exploitation attempts. Specific commands are not provided in the resources, but you can audit plugin version via WordPress admin or by checking the plugin files. Additionally, monitoring web server logs for unusual outbound HTTP requests or using network monitoring tools to detect unexpected HTTP requests originating from the WordPress server may help. No explicit commands are given in the provided resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the MxChat plugin to version 2.4.7 or later, where the vulnerability is fixed. The fix includes replacing unsafe HTTP request functions with safer ones, implementing strict URL validation to block unsafe URLs, and enhancing PDF fetching logic to prevent SSRF attacks. Until the update is applied, consider disabling the PDF upload functionality or restricting access to the vulnerable AJAX action if possible. [1]