Description
Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate animate allows Server Side Request Forgery.This issue affects Animate: from n/a through <= 0.5.
Published: 2025-04-24
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Animate plugin for WordPress contains an SSRF flaw (CWE‑918) that allows the plugin to send requests to arbitrary URLs on behalf of the server. The flaw permits an attacker to trigger these requests without requiring additional privileges beyond the ability to interact with the vulnerable plugin.

Affected Systems

WordPress installations that have the Adam Pery Animate plugin version 0.5 or earlier are affected. No specific WordPress core versions are cited, and only the presence of the vulnerable plugin is required for the flaw to exist.

Risk and Exploitability

The CVSS score of 4.9 indicates a moderate severity rating. The EPSS score of less than 1 % points to a low likelihood of exploitation. The vulnerability is not included in CISA’s KEV catalogue, reducing the urgency for immediate action. The CVE data does not specify the exact attack vector or conditions beyond the plugin’s request functionality; it is inferred that exploitation would require input of a target URL through that functionality.

Generated by OpenCVE AI on May 2, 2026 at 08:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Animate plugin to a version newer than 0.5 if a fix has been released by the vendor.
  • If an upgrade is not available, remove the Animate plugin from the WordPress installation to eliminate the vulnerability.
  • If removal is not possible, permanently disable the plugin in the WordPress admin area to stop SSRF attempts.

Generated by OpenCVE AI on May 2, 2026 at 08:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-12061 Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5. Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate animate allows Server Side Request Forgery.This issue affects Animate: from n/a through <= 0.5.
Title WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability WordPress Animate plugin <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N'}

Fri, 25 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 24 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5.
Title WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:37.662Z

Reserved: 2025-04-24T14:22:09.616Z

Link: CVE-2025-46443

cve-icon Vulnrichment

Updated: 2025-04-24T19:55:38.155Z

cve-icon NVD

Status : Deferred

Published: 2025-04-24T16:15:35.503

Modified: 2026-04-23T15:29:59.967

Link: CVE-2025-46443

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T08:45:38Z

Weaknesses