Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

WP Crontrol

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2025-8678
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.50%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 07:24
Updated-25 Aug, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery

The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wp_remote_request' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-johnbillion
Product-WP Crontrol
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)