{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10705", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-18T23:17:38.240Z", "datePublished": "2025-10-23T12:32:32.992Z", "dateUpdated": "2026-04-08T17:21:17.803Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:21:17.803Z"}, "affected": [{"vendor": "mxchat", "product": "MxChat \u2013 AI Chatbot & Content Generation for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.4.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The MxChat \u2013 AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible for unauthenticated attackers to make the WordPress server perform HTTP requests to arbitrary destinations via the mxchat_handle_chat_request AJAX action."}], "title": "MxChat \u2013 AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c6ca63b8-b437-4e34-a57e-c3d956fbd102?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/tags/2.4.1/includes/class-mxchat-integrator.php#L1090"}, {"url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/tags/2.4.1/includes/class-mxchat-integrator.php#L1108"}, {"url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/tags/2.4.1/includes/class-mxchat-integrator.php#L2360"}, {"url": "https://plugins.trac.wordpress.org/changeset/3378505/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-10-03T13:48:20.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-22T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-23T13:33:31.215846Z", "id": "CVE-2025-10705", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-23T13:33:47.776Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10705", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-23T13:33:31.215846Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-23T13:33:40.624Z"}}], "cna": {"title": "MxChat \u2013 AI Chatbot for WordPress <= 2.4.6 - Unauthenticated Blind Server-Side Request Forgery", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "mxchat", "product": "MxChat \u2013 AI Chatbot & Content Generation for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.4.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-03T13:48:20.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-10-22T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c6ca63b8-b437-4e34-a57e-c3d956fbd102?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/tags/2.4.1/includes/class-mxchat-integrator.php#L1090"}, {"url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/tags/2.4.1/includes/class-mxchat-integrator.php#L1108"}, {"url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/tags/2.4.1/includes/class-mxchat-integrator.php#L2360"}, {"url": "https://plugins.trac.wordpress.org/changeset/3378505/"}], "descriptions": [{"lang": "en", "value": "The MxChat \u2013 AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible for unauthenticated attackers to make the WordPress server perform HTTP requests to arbitrary destinations via the mxchat_handle_chat_request AJAX action."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:21:17.803Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10705", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:21:17.803Z", "dateReserved": "2025-09-18T23:17:38.240Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-23T12:32:32.992Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The MxChat \u2013 AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible for unauthenticated attackers to make the WordPress server perform HTTP requests to arbitrary destinations via the mxchat_handle_chat_request AJAX action."}], "id": "CVE-2025-10705", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-23T13:15:38.353", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/tags/2.4.1/includes/class-mxchat-integrator.php#L1090"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/tags/2.4.1/includes/class-mxchat-integrator.php#L1108"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/tags/2.4.1/includes/class-mxchat-integrator.php#L2360"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3378505/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c6ca63b8-b437-4e34-a57e-c3d956fbd102?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:07:27.028042+00:00", "value": {"mitigation_remediation": ["Upgrade the MxChat plugin to a version newer than 2.4.6 if an update is available. ", "If no update is available, deactivate or uninstall the plugin to remove the vulnerable endpoint. ", "Restrict the server\u2019s outbound HTTP requests using a web application firewall or network firewall rule, particularly blocking requests to internal IP ranges that the plugin could target. "], "summary": {"action": "Patch Now", "impact": "Blind Server\u2011Side Request Forgery that allows unauthenticated attackers to instruct the WordPress server to perform arbitrary HTTP requests via an exposed AJAX endpoint"}, "threat_synthesis": {"affected_systems": "All publicly available releases of the plugin up to and including version 2.4.6 are affected. The vendor, MXChat, markets the product under the name \u201cMxChat \u2013 AI Chatbot & Content Generation for WordPress.\u201d Users who have installed these versions on their WordPress sites with remote access should consider remediation immediately. While the advisory does not confirm that newer releases are fixed, administrators should verify their installed version and seek an updated release from the plugin repository.", "description_and_impact": "The MxChat \u2013 AI Chatbot for WordPress plugin contains a blind Server\u2011Side Request Forgery vulnerability that permits an unauthenticated attacker to trigger the mxchat_handle_chat_request AJAX action to send HTTP requests to any destination; the flaw originates from insufficient validation of user\u2011supplied URLs in the plugin\u2019s PDF processing logic and is classified as CWE\u2011918. Because the server\u2019s responses are not returned to the attacker, exploitation is silent, yet it can be used to probe internal networks, exfiltrate data, or hinder other services that the server can reach.", "risk_and_exploitability": "The vulnerability has a CVSS score of 5.3, indicating moderate severity, and an EPSS score of less than 1\u202f%, signifying a very low likelihood of exploitation in the wild. It is not listed in CISA\u2019s KEV catalog, further underscoring its limited exploitation appetite. The attack vector is straightforward: any party that can reach the WordPress site can invoke the vulnerable AJAX endpoint and make the server act as an outbound proxy. Detection is challenging due to its blind nature, so monitoring outbound traffic or applying mitigations such as URL validation or restricting outbound requests is advisable."}}}}, "created": "2025-10-24T10:17:04.935113+00:00", "updated": "2026-04-21T02:15:06.524230+00:00", "vendors": ["mxchat", "mxchat$PRODUCT$ai_chatbot_for_wordpress", "wordpress", "wordpress$PRODUCT$wordpress"]}