Description
Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark socialmark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through <= 2.0.7.
Published: 2025-06-06
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the ShawonPro SocialMark WordPress plugin allows an attacker to trigger a Server Side Request Forgery (SSRF). A user who is not authorized to do so could supply a crafted URL to the plugin, causing the WordPress server to make outbound HTTP(S) requests to arbitrary destinations. Because the server issues the request from its own network position and with its own privileges, this could expose internal network resources or be used to exfiltrate data. The weakness is classified as CWE-918.

Affected Systems

The affected product is the ShawonPro SocialMark WordPress plugin. All released versions up to and including 2.0.7 are impacted. Site operators should check whether the plugin is installed on their sites and, if so, whether the installed version is 2.0.7 or older.

Risk and Exploitability

The CVSS score is 4.9 and the EPSS score is below 1%, indicating a low overall severity and a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the plugin's exposed web interface, where a remote attacker can submit a malicious URL. Even given the low likelihood, an attacker who successfully triggers the SSRF could make the server reach internal resources or send traffic that bypasses normal network security controls. Applying a patch or otherwise disabling the vulnerable functionality therefore remains the most prudent response.

Generated by OpenCVE AI on April 30, 2026 at 18:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ShawonPro SocialMark plugin to version 2.0.8 or later as soon as possible.
  • If an upgrade cannot be performed immediately, deactivate or uninstall the SocialMark plugin to remove the SSRF entry point.
  • Implement network segmentation or firewall rules that restrict outbound HTTP(S) traffic from the WordPress host, limiting the destinations that can be reached via the SSRF-affected endpoint.

Advisories
Source: EUVD
ID: EUVD-2025-17186
Title: Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
  Values Removed: Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7.
  Values Added: Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark socialmark allows Server Side Request Forgery.This issue affects SocialMark: from n/a through <= 2.0.7.
Type: Title
  Values Removed: WordPress SocialMark <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability
  Values Added: WordPress SocialMark plugin <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability
Type: References
Type: Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N'}


Fri, 06 Jun 2025 15:15:00 +0000

Type: Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Jun 2025 13:15:00 +0000

Type: Description
  Values Added: Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7.
Type: Title
  Values Added: WordPress SocialMark <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability
Type: Weaknesses
  Values Added: CWE-918
Type: References
Type: Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:52.836Z

Reserved: 2025-03-11T08:11:02.522Z

Link: CVE-2025-29008

Vulnrichment

Updated: 2025-06-06T15:06:18.480Z

NVD

Status : Deferred

Published: 2025-06-06T13:15:30.970

Modified: 2026-04-23T15:26:46.540

Link: CVE-2025-29008

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T18:15:06Z

Weaknesses