{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22358", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T12:21:24.564Z", "datePublished": "2026-01-22T16:52:34.992Z", "dateUpdated": "2026-04-28T16:48:54.545Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "electrician", "product": "Electrician - Electrical Service WordPress", "vendor": "SmartDataSoft", "versions": [{"lessThanOrEqual": "5.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Bonds | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:03:57.594Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.<p>This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6."}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "Server Side Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:41.532Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/electrician/vulnerability/wordpress-electrician-electrical-service-wordpress-theme-5-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "title": "WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T18:42:35.704003Z", "id": "CVE-2026-22358", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T16:48:54.545Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22358", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T12:21:24.564Z", "datePublished": "2026-01-22T16:52:34.992Z", "dateUpdated": "2026-04-28T16:48:54.545Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "electrician", "product": "Electrician - Electrical Service WordPress", "vendor": "SmartDataSoft", "versions": [{"lessThanOrEqual": "5.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Bonds | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:03:57.594Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.<p>This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6."}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "Server Side Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:41.532Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/electrician/vulnerability/wordpress-electrician-electrical-service-wordpress-theme-5-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "title": "WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22358", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T18:42:35.704003Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T18:42:33.532Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) en SmartDataSoft Electrician - Electrical Service WordPress electrician permite falsificaci\u00f3n de petici\u00f3n del lado del servidor. Este problema afecta a Electrician - Electrical Service WordPress: desde n/a hasta &lt;= 5.6."}], "id": "CVE-2026-22358", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-22T17:16:31.850", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/electrician/vulnerability/wordpress-electrician-electrical-service-wordpress-theme-5-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T07:50:17.722955+00:00", "value": {"mitigation_remediation": ["Update the Electrician theme to a version that addresses the SSRF flaw (for example, any release newer than 5.6, if available).", "Disable or remove any theme functions that perform remote HTTP requests via WordPress\u2019s HTTP API, or restrict the allowed URLs those functions can target.", "If an upgrade is not immediately possible, consider deactivating the theme or switching to a different, vetted WordPress theme to eliminate the vulnerable code.", "Deploy a web application firewall or security plugin configured to block unexpected outbound requests from the WordPress installation, limiting exposure to the SSRF vector."], "summary": {"action": "Apply Patch", "impact": "Server Side Request Forgery (SSRF) vulnerability"}, "threat_synthesis": {"affected_systems": "SmartDataSoft\u2019s Electrician - Electrical Service WordPress theme is affected for all releases up to and including version 5.6. Systems deploying this theme with any major or minor version equal to or less than 5.6 are potentially vulnerable. The issue does not specifically list newer versions, so all those previous releases remain at risk.", "description_and_impact": "A Server Side Request Forgery flaw exists in the Electrician - Electrical Service WordPress theme via SmartDataSoft. The vulnerability originates from an improperly validated server\u2011side request that allows an attacker to instruct the site to fetch arbitrary URLs. The associated weakness is CWE\u2011918. If exploited, an attacker could cause the site to contact internal or external endpoints, potentially leaking sensitive data, triggering internal processes, or accessing resources not intended for public use. The impact includes compromising confidentiality, integrity, or availability of internal services accessed through the theme\u2019s request handling.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate severity. The EPSS score is less than 1%, denoting a very low likelihood of exploitation at the time of this analysis. The vulnerability is not currently cataloged in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is a remote, publicly accessible request that triggers the theme\u2019s server\u2011side request capability. While the description does not detail authentication requirements or network isolation, SSRF flaws typically exploit remote code execution paths that are reachable over the web."}}}}, "created": "2026-01-23T16:28:34.309531+00:00", "updated": "2026-04-16T08:00:11.189396+00:00", "vendors": ["smartdatasoft", "smartdatasoft$PRODUCT$electrician_-_electrical_service_wordpress", "wordpress", "wordpress$PRODUCT$wordpress"]}