CVE-2025-30997 - Vulnerability Details

- WordPress Car Repair Services theme <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability

Description

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services car-repair-services allows Server Side Request Forgery.This issue affects Car Repair Services: from n/a through <= 5.0.

Published: 2025-06-06

Score: 5.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability permits a remote attacker to cause the WordPress server to issue HTTP requests to arbitrary URLs. The SSRF flaw can be triggered by sending crafted requests to the compromised installation, resulting in the server initiating outbound connections. This does not provide direct code execution or privilege escalation, but it exposes the server to sending requests to undesignated destinations.

Affected Systems

All installations of the SmartDataSoft Car Repair Services theme for WordPress with a version of 5.0 or earlier are susceptible. Any site that has installed this theme within that version range is affected.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity. The EPSS score of <1% suggests a very low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Attackers would perform the SSRF by targeting the WordPress site, after which the server would make outbound HTTP or HTTPS calls to the supplied URLs.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SmartDataSoft

Car Repair Services

unaffected

Version	Status	Constraints
`0`	affected	≤ 5.0

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the SmartDataSoft Car Repair Services theme to the latest available version that contains the SSRF fix.
If an immediate update cannot be performed, enforce network-level restrictions that block outbound HTTP and HTTPS traffic from the WordPress web server to internal or suspicious destinations.
Configure the theme (or a security plugin) to validate any URLs before making outbound requests, allowing only trusted domains or a defined whitelist.

Generated by OpenCVE AI on May 1, 2026 at 07:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-17237	Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00164.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://patchstack.com/database/Wordpress/Theme/car-repair-services/vulnerability/wordpress-car-repair-services-5-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

History

Thu, 23 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N'}`

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description	Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0.	Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services car-repair-services allows Server Side Request Forgery.This issue affects Car Repair Services: from n/a through <= 5.0.
Title	WordPress Car Repair Services <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability	WordPress Car Repair Services theme <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability
References	https://patchstack.com/database/wordpress/theme/car-repair-services/vulnerability/wordpress-car-repair-services-5-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	https://patchstack.com/database/Wordpress/Theme/car-repair-services/vulnerability/wordpress-car-repair-services-5-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Metrics	cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N'}`

Fri, 06 Jun 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Jun 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0.
Title		WordPress Car Repair Services <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability
Weaknesses		CWE-918
References		https://patchstack.com/database/wordpress/theme/car-repair-services/vulnerability/wordpress-car-repair-services-5-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2025-06-06T12:54:00.439Z

Updated: 2026-04-28T16:12:03.328Z

Reserved: 2025-03-26T09:22:48.161Z

Link: CVE-2025-30997

Vulnrichment

Updated: 2025-06-06T15:13:27.565Z

NVD

Status : Deferred

Published: 2025-06-06T13:15:38.983

Modified: 2026-04-23T15:27:29.827

Link: CVE-2025-30997

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T08:00:13Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object