Description
The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Published: 2025-02-28
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery (SSRF)
Action: Patch Now
AI Analysis

Impact

The vulnerable functionality is the url_media_uploader_url_upload action in the URL Media Uploader WordPress plugin. A flaw described by CWE‑918 allows authenticated users with author level or higher to instruct the web application to send HTTP requests to arbitrary domains. This can be used to probe internal network services, exfiltrate data, or potentially modify internal resources, without requiring elevated or unauthenticated access. The vulnerability does not provide direct code execution but enables attackers to interact with sensitive internal systems, creating a significant threat to confidentiality and integrity.

Affected Systems

The issue affects the WordPress plugin URL Media Uploader from the vendor Apprhyme, for all releases up to and including version 1.0.0. Users should verify whether their installations are running any of these affected versions and plan for an upgrade as appropriate.

Risk and Exploitability

The CVSS score of 6.4 indicates medium severity. The EPSS score is below 1%, suggesting that the likelihood of exploitation is low. The vulnerability is not listed in the CISA KEV catalog. Attackers must possess author‑level or higher credentials and trigger the url_media_uploader_url_upload action. No public exploit has been reported, but the potential to access internal infrastructure makes the risk real once an attacker has the required permissions. Organizations should treat this as a moderate risk but prepare remediation promptly.

Generated by OpenCVE AI on April 22, 2026 at 02:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the URL Media Uploader plugin to a release that includes the SSRF fix (for example, version 1.0.1 or later; verify the patch notes on the WordPress plugin repository).
  • If an update is unavailable, remove or disable the URL Media Uploader plugin to eliminate the vulnerable code path.
  • Implement firewall rules or network segmentation to block outbound requests from the web application to internal IP ranges, reducing the impact of potential SSRF attacks.

Advisories
Source | ID | Title
EUVD | EUVD-2025-5503 | The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apprhyme; Apprhyme url Media Uploader
CPEs | | cpe:2.3:a:apprhyme:url_media_uploader:*:*:*:*:*:wordpress:*:*
Vendors & Products | | Apprhyme; Apprhyme url Media Uploader

Wed, 08 Apr 2026 18:30:00 +0000


Tue, 04 Mar 2025 03:45:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 28 Feb 2025 08:30:00 +0000

Type | Values Removed | Values Added
Description | | The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Title | | URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding
Weaknesses | | CWE-918
References | |
Metrics | | cvssV3_1: {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:15:25.032Z

Reserved: 2025-02-24T20:31:21.592Z

Link: CVE-2025-1662

Vulnrichment

Updated: 2025-02-28T14:47:59.700Z

NVD

Status: Modified

Published: 2025-02-28T09:15:12.373

Modified: 2026-04-08T19:23:50.687

Link: CVE-2025-1662

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T02:15:05Z