{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11917", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-17T14:18:30.580Z", "datePublished": "2025-11-05T06:34:59.886Z", "dateUpdated": "2026-04-08T16:54:58.084Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:54:58.084Z"}, "affected": [{"vendor": "etruel", "product": "WPeMatico RSS Feed Fetcher", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.8.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}], "title": "WPeMatico RSS Feed Fetcher <= 2.8.11 - Authenticated (Subscriber+) Server-Side Request Forgery via wpematico_test_feed", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a1c6377-c2a7-4344-86bd-d2797db19469?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/campaign_edit.php#L24"}, {"url": "https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/wpematico_functions.php#L1249"}, {"url": "https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/wpematico_functions.php#L1260"}, {"url": "https://github.com/etruel/wpematico/commit/7a281dcfc0868490d62caee54f3b743708fed7cf"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Rafshanzani Suhada"}], "timeline": [{"time": "2025-10-11T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-10-16T11:45:18.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-04T17:38:04.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-05T15:45:00.620917Z", "id": "CVE-2025-11917", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T15:45:19.848Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11917", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-05T15:45:00.620917Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T15:45:06.603Z"}}], "cna": {"title": "WPeMatico RSS Feed Fetcher <= 2.8.11 - Authenticated (Subscriber+) Server-Side Request Forgery via wpematico_test_feed", "credits": [{"lang": "en", "type": "finder", "value": "Rafshanzani Suhada"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "etruel", "product": "WPeMatico RSS Feed Fetcher", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.8.11"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-11T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2025-10-16T11:45:18.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-11-04T17:38:04.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a1c6377-c2a7-4344-86bd-d2797db19469?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/campaign_edit.php#L24"}, {"url": "https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/wpematico_functions.php#L1249"}, {"url": "https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/wpematico_functions.php#L1260"}, {"url": "https://github.com/etruel/wpematico/commit/7a281dcfc0868490d62caee54f3b743708fed7cf"}], "descriptions": [{"lang": "en", "value": "The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-11-05T06:34:59.886Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11917", "state": "PUBLISHED", "dateUpdated": "2025-11-05T15:45:19.848Z", "dateReserved": "2025-10-17T14:18:30.580Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-05T06:34:59.886Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}], "id": "CVE-2025-11917", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-05T07:15:32.073", "references": [{"source": "security@wordfence.com", "url": "https://github.com/etruel/wpematico/commit/7a281dcfc0868490d62caee54f3b743708fed7cf"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/campaign_edit.php#L24"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/wpematico_functions.php#L1249"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/wpematico_functions.php#L1260"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a1c6377-c2a7-4344-86bd-d2797db19469?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T12:03:11.427485+00:00", "value": {"mitigation_remediation": ["Upgrade the WPeMatico RSS Feed Fetcher plugin to the latest available version, which removes the vulnerable wpematico_test_feed() function.", "If upgrading is not immediately feasible, block outgoing HTTP requests from the web server to internal IP ranges using firewall rules or proxy configuration, thereby preventing the malicious SSRF calls.", "Disable or remove the wpematico_test_feed endpoint by editing the plugin\u2019s code or WordPress hooks so that the endpoint is no longer callable.", "Consider tightening user role capabilities so that only trusted administrators have access to the wpematico functions; remove Subscriber or higher privileges from users who do not require them."], "summary": {"action": "Patch Immediately", "impact": "Server\u2011Side Request Forgery (SSRF enabling internal data exfiltration or modification"}, "threat_synthesis": {"affected_systems": "Any WordPress installation that has the WPeMatico RSS Feed Fetcher plugin version 2.8.11 or earlier is affected. The issue is limited to sites that have not applied the latest plugin update and require the presence of a Subscriber or higher role to trigger the vulnerable function.", "description_and_impact": "The vulnerability exists in the wpematico_test_feed() function of the WPeMatico RSS Feed Fetcher plugin, allowing any authenticated user with Subscriber or higher privileges to direct the web server to send HTTP requests to arbitrary URLs. By crafting the target URL, an attacker can query or manipulate services that are normally accessible only within the internal network, thereby exposing sensitive data or altering system state.", "risk_and_exploitability": "The CVSS score of 6.4 reflects a moderate severity, and the EPSS score of less than 1% indicates a low probability of real\u2011world exploitation at this time. Because an attacker must first acquire authenticated access, the risk is contingent on the strength and scope of user roles on the site. The vulnerability is listed as not included in the CISA KEV catalog.\nThe exploit path requires an attacker to send a crafted request to the wpematico_test_feed endpoint with a target URL parameter, causing the server to perform an outgoing request. Successful exploitation can result in disclosure of internal resources or modification of internal data.\nGiven the typical internal network segmentation, the actual impact depends on what internal services are reachable from the web server.\nWhile the low EPSS score suggests a limited threat, the presence of authenticated access makes the vulnerability exploitable in environments where subscriber roles are widely granted.\n"}}}}, "created": "2025-11-06T10:07:17.366979+00:00", "updated": "2026-04-22T12:15:16.044840+00:00", "vendors": ["etruel", "etruel$PRODUCT$wpematico_rss_feed_fetcher", "wordpress", "wordpress$PRODUCT$wordpress"]}