CVE-2025-11467
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-11
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| feedzy | feed_to_post | 5.1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Blind Server-Side Request Forgery (SSRF) in the RSS Aggregator by Feedzy plugin for WordPress, affecting all versions up to 5.1.1. It occurs via the feedzy_lazy_load function, allowing unauthenticated attackers to make web requests from the web application to arbitrary locations, potentially querying and modifying information from internal services.
How can this vulnerability impact me? :
The vulnerability allows unauthenticated attackers to send requests from the vulnerable web application to arbitrary locations, which can lead to unauthorized querying and modification of information from internal services. This can result in data exposure or manipulation within the internal network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Blind Server-Side Request Forgery (SSRF) vulnerability in the Feedzy plugin involves monitoring for unusual outbound web requests originating from the WordPress application, especially those triggered by the feedzy_lazy_load function. Since the vulnerability allows unauthenticated attackers to make arbitrary web requests, network monitoring tools can be used to detect unexpected internal or external HTTP requests from the web server. Additionally, reviewing WordPress logs for unusual access patterns to the feedzy plugin endpoints or shortcode usage may help. Specific commands depend on your environment, but examples include using network monitoring tools like tcpdump or Wireshark to capture outbound HTTP requests, e.g., `tcpdump -i eth0 -A port 80 or port 443` to inspect HTTP/S traffic from the server. Also, checking web server access logs for suspicious requests to feedzy-related URLs or parameters can help. However, no explicit detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Feedzy plugin to a version later than 5.1.1 where the vulnerability is fixed. If an update is not immediately possible, disabling or removing the Feedzy plugin can prevent exploitation. Additionally, restricting outbound HTTP requests from the web server to only trusted destinations via firewall rules can reduce risk. Monitoring and blocking suspicious requests targeting the feedzy_lazy_load function or related endpoints is also advisable. Since the vulnerability allows unauthenticated attackers to make arbitrary web requests, limiting plugin usage and access until patched is critical. [1]