Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-31796

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-01 Apr, 2025 | 14:51
Updated At-01 Apr, 2025 | 19:28
Rejected At-
Credits

WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in TheInnovs Team ElementsCSS Addons for Elementor allows Server Side Request Forgery. This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:01 Apr, 2025 | 14:51
Updated At:01 Apr, 2025 | 19:28
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in TheInnovs Team ElementsCSS Addons for Elementor allows Server Side Request Forgery. This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7.

Affected Products
Vendor
TheInnovs Team
Product
ElementsCSS Addons for Elementor
Collection URL
https://wordpress.org/plugins
Package Name
css-for-elementor
Default Status
unaffected
Versions
Affected
  • From n/a through 1.0.8.7 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-664CAPEC-664 Server Side Request Forgery
CAPEC ID: CAPEC-664
Description: CAPEC-664 Server Side Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/css-for-elementor/vulnerability/wordpress-elementscss-addons-for-elementor-plugin-1-0-8-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/css-for-elementor/vulnerability/wordpress-elementscss-addons-for-elementor-plugin-1-0-8-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:01 Apr, 2025 | 15:16
Updated At:01 Apr, 2025 | 20:26

Server-Side Request Forgery (SSRF) vulnerability in TheInnovs Team ElementsCSS Addons for Elementor allows Server Side Request Forgery. This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-918Primaryaudit@patchstack.com
CWE ID: CWE-918
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/css-for-elementor/vulnerability/wordpress-elementscss-addons-for-elementor-plugin-1-0-8-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/css-for-elementor/vulnerability/wordpress-elementscss-addons-for-elementor-plugin-1-0-8-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

13Records found
CVE-2025-47548
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.35%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-12 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wbcom Designs - Activity Link Preview For BuddyPress <= 1.4.4 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through 1.4.4.

Action-Not Available
Vendor-wbcomdesignsVarun Dubey
Product-activity_link_preview_for_buddypressWbcom Designs - Activity Link Preview For BuddyPress
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-31824
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.51%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-15 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Optin Wheel Plugin <= 1.4.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel allows Server Side Request Forgery. This issue affects WP Optin Wheel: from n/a through 1.4.7.

Action-Not Available
Vendor-Wombat Plugins
Product-WP Optin Wheel
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-42450
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 51.01%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 15:53
Updated-18 Jun, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mastodon Server-Side Request Forgery vulnerability

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue.

Action-Not Available
Vendor-joinmastodonmastodon
Product-mastodonmastodon
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-30997
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.83%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Car Repair Services <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0.

Action-Not Available
Vendor-SmartDataSoft
Product-Car Repair Services
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-31009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.51%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IndieBlocks <= 0.13.1 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1.

Action-Not Available
Vendor-Jan Boddez
Product-IndieBlocks
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-30964
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.51%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 11:59
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photography theme <= 7.5.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in EPC Photography. This issue affects Photography: from n/a through 7.5.2.

Action-Not Available
Vendor-EPC
Product-Photography
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-28963
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 08:42
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress URL Shortener plugin <= 3.0.7 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener allows Server Side Request Forgery. This issue affects URL Shortener: from n/a through 3.0.7.

Action-Not Available
Vendor-Md Yeasin Ul Haider
Product-URL Shortener
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-22701
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.54%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:23
Updated-03 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Traveler Layout Essential For Elementor plugin <= 1.0.8 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8.

Action-Not Available
Vendor-NotFound
Product-Traveler Layout Essential For Elementor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-44055
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.54%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:23
Updated-31 Jan, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Oshine Modules plugin < 3.3.6 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. This issue affects Oshine Modules: from n/a through n/a.

Action-Not Available
Vendor-NotFound
Product-Oshine Modules
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-30453
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.22%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:38
Updated-02 Aug, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5.

Action-Not Available
Vendor-Brave
Product-Brave Popup Builder
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-33592
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 14:52
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radio Player plugin <= 2.0.73 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.

Action-Not Available
Vendor-SoftLab
Product-Radio Player
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-33634
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.18%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 07:44
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.

Action-Not Available
Vendor-Piotnetpiotnet
Product-Piotnet Addons For Elementor Propiotnet_forms
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-39637
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.47%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 21:21
Updated-04 Nov, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Edubin theme <= 9.2.0 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability in Pixelcurve Edubin edubin.This issue affects Edubin: from n/a through 9.2.0.

Action-Not Available
Vendor-Pixelcurve
Product-Edubin
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
Details not found