{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13231", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-15T02:26:51.064Z", "datePublished": "2025-12-16T08:20:24.492Z", "dateUpdated": "2026-04-08T17:20:53.251Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:20:53.251Z"}, "affected": [{"vendor": "radykal", "product": "Fancy Product Designer", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.4.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by calling getimagesize() first, then later retrieves the same URL using file_get_contents(). This makes it possible for unauthenticated attackers to exploit the timing gap to perform SSRF attacks by serving a valid image during validation, then changing the response to redirect to arbitrary internal or external URLs during the actual fetch."}], "title": "Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c56ec6ae-5b75-4cbb-aedd-f318fddc7bf0?source=cve"}, {"url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000036024"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "cweId": "CWE-362", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Zeeshan"}], "timeline": [{"time": "2025-11-19T16:29:24.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-12-15T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-16T21:35:15.948131Z", "id": "CVE-2025-13231", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T21:35:23.929Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13231", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-16T21:35:15.948131Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T21:35:20.245Z"}}], "cna": {"title": "Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Zeeshan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}}], "affected": [{"vendor": "radykal", "product": "Fancy Product Designer", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.4.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-19T16:29:24.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-12-15T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c56ec6ae-5b75-4cbb-aedd-f318fddc7bf0?source=cve"}, {"url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000036024"}], "descriptions": [{"lang": "en", "value": "The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by calling getimagesize() first, then later retrieves the same URL using file_get_contents(). This makes it possible for unauthenticated attackers to exploit the timing gap to perform SSRF attacks by serving a valid image during validation, then changing the response to redirect to arbitrary internal or external URLs during the actual fetch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:20:53.251Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13231", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:20:53.251Z", "dateReserved": "2025-11-15T02:26:51.064Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-16T08:20:24.492Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by calling getimagesize() first, then later retrieves the same URL using file_get_contents(). This makes it possible for unauthenticated attackers to exploit the timing gap to perform SSRF attacks by serving a valid image during validation, then changing the response to redirect to arbitrary internal or external URLs during the actual fetch."}], "id": "CVE-2025-13231", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-16T09:15:51.813", "references": [{"source": "security@wordfence.com", "url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000036024"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c56ec6ae-5b75-4cbb-aedd-f318fddc7bf0?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T00:43:55.444682+00:00", "value": {"mitigation_remediation": ["Immediately upgrade the Fancy Product Designer plugin to a patched release (at least 6.4.9) or the latest available version.", "If an upgrade cannot be performed before detection, block outbound HTTP/HTTPS traffic from the WordPress instance to untrusted hosts using firewall rules or a proxy to mitigate SSRF attempts.", "As a short\u2011term measure, disable or restrict the fpd_custom_upload_file AJAX action until the race condition is resolved, or modify the plugin code to perform validation and retrieval atomically or to reject non\u2011whitelisted URLs before fetching."], "summary": {"action": "Patch Now", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "Affected vendor: radykal. Product: Fancy Product Designer plugin for WordPress. All releases up to and including 6.4.8 are vulnerable. No other vendors or products are affected based on the available data.", "description_and_impact": "The Fancy Product Designer plugin for WordPress suffers from a time\u2011of\u2011check/time\u2011of\u2011use race condition in the fpd_custom_uplod_file AJAX action. During validation the plugin calls getimagesize() on the supplied URL, then later fetches the same URL with file_get_contents(). An unauthenticated attacker can exploit the timing window by serving a valid image during validation, then changing the response to redirect to an arbitrary internal or external URL during the actual fetch. This allows the attacker to make the server consider any specified URL, effectively enabling server\u2011side request forgery. The weakness represented is a classic race\u2011condition flaw (CWE\u2011362).", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, and the EPSS score of less than 1\u00a0% suggests a low probability of current exploitation in the wild, though the vulnerability can be leveraged by any unauthenticated user. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers need only send a crafted AJAX request to the vulnerable endpoint; no prior authentication is required. If successfully exploited, the server can redirect to various internal or external destinations, potentially exposing sensitive internal networks or facilitating data exfiltration."}}}}, "created": "2025-12-16T17:09:17.077398+00:00", "updated": "2026-04-21T00:45:23.102381+00:00", "vendors": ["radykal", "radykal$PRODUCT$fancy_product_designer", "wordpress", "wordpress$PRODUCT$wordpress"]}