Total
2328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4874 | 1 Redhat | 7 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform and 4 more | 2026-04-01 | 3.1 Low |
| A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure. | ||||
| CVE-2026-33185 | 1 Discourse | 1 Discourse | 2026-04-01 | N/A |
| Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings test endpoint could be used to make the server initiate outbound connections to arbitrary hosts and ports. This could allow probing of internal network infrastructure. The endpoint was accessible to non-staff group owners. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. | ||||
| CVE-2026-28036 | 2 Skatdesign, Wordpress | 2 Ratatouille, Wordpress | 2026-04-01 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through <= 1.2.6. | ||||
| CVE-2026-25428 | 2 Total-soft, Wordpress | 2 Ts Poll, Wordpress | 2026-04-01 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5. | ||||
| CVE-2026-25385 | 2 Kaizencoders, Wordpress | 2 Url Shortify, Wordpress | 2026-04-01 | 5.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through <= 1.12.3. | ||||
| CVE-2026-25310 | 2 Alobaidi, Wordpress | 2 Extend Link, Wordpress | 2026-04-01 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through <= 2.0.0. | ||||
| CVE-2026-24961 | 2 Themegoods, Wordpress | 2 Grand Blog, Wordpress | 2026-04-01 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through < 3.1.5. | ||||
| CVE-2026-24381 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2. | ||||
| CVE-2026-24360 | 2 Craig Hewitt, Wordpress | 2 Seriously Simple Podcasting, Wordpress | 2026-04-01 | 4.6 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1. | ||||
| CVE-2026-23803 | 2 Burhan Nasir, Wordpress | 2 Smart Auto Upload Images, Wordpress | 2026-04-01 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery.This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2. | ||||
| CVE-2026-22482 | 2 Wbolt, Wordpress | 2 Imgspider, Wordpress | 2026-04-01 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12. | ||||
| CVE-2026-22358 | 2 Smartdatasoft, Wordpress | 2 Electrician - Electrical Service Wordpress, Wordpress | 2026-04-01 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6. | ||||
| CVE-2025-69299 | 2 Laborator, Wordpress | 2 Oxygen, Wordpress | 2026-04-01 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8. | ||||
| CVE-2025-68500 | 2 Bdthemes, Wordpress | 2 Prime Slider, Wordpress | 2026-04-01 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10. | ||||
| CVE-2025-68030 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5. | ||||
| CVE-2025-67989 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through <= 4.1.3. | ||||
| CVE-2025-67961 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through <= 40.0. | ||||
| CVE-2025-64252 | 2 Marcomilesi, Wordpress | 2 Anac Xml Viewer, Wordpress | 2026-04-01 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery.This issue affects ANAC XML Viewer: from n/a through <= 1.8.2. | ||||
| CVE-2025-63010 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.8 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : from n/a through <= 7.4. | ||||
| CVE-2025-62988 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3. | ||||