CVE-2026-3478
Received Received - Intake
Server-Side Request Forgery in WordPress Content Syndication Toolkit

Publication date: 2026-03-21

Last updated on: 2026-03-21

Assigner: Wordfence

Description
The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the redux_p AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint (wp_ajax_nopriv_redux_p) that is accessible to unauthenticated users. The proxy() method in the Redux_P class takes a URL directly from $_GET['url'] without any validation (the regex is set to /.*/ which matches all URLs) and passes it to wp_remote_request(), which does not have built-in SSRF protection like wp_safe_remote_request(). There is no authentication check, no nonce verification, and no URL restriction. The response from the requested URL is then returned to the attacker, making this a full-read SSRF. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services, scan internal network ports, or interact with cloud metadata endpoints.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-21
Generated
2026-05-07
AI Q&A
2026-03-21
EPSS Evaluated
2026-05-05
NVD
CVE-2026-3478
EUVD
EUVD-2026-14149
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
reduxframework content_syndication_toolkit to 1.3 (inc)
wordfence content_syndication_toolkit to 1.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The Content Syndication Toolkit plugin for WordPress, up to version 1.3, contains a Server-Side Request Forgery (SSRF) vulnerability via the redux_p AJAX action in the bundled ReduxFramework library.

An unauthenticated attacker can access a proxy endpoint (wp_ajax_nopriv_redux_p) that takes a URL parameter without any validation or restrictions and uses it to make web requests from the server.

Because the plugin does not verify authentication, nonce, or restrict URLs, the attacker can make arbitrary requests originating from the web application, potentially accessing internal services or cloud metadata endpoints.


How can this vulnerability impact me? :

This vulnerability allows unauthenticated attackers to make arbitrary web requests from the vulnerable server to internal or external systems.

  • Attackers can query or modify information from internal services that are not normally accessible externally.
  • It can be used to scan internal network ports, potentially revealing other vulnerable services.
  • Attackers may interact with cloud metadata endpoints, which could lead to exposure of sensitive cloud environment information.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart