Description
Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode beerxml-shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through <= 0.7.1.
Published: 2025-04-24
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The BeerXML Shortcode plugin for WordPress contains a Server‑Side Request Forgery flaw that permits an attacker to instruct the server to perform arbitrary HTTP requests. The vulnerability is triggered when user input is forwarded to an internal request function without adequate validation, making it possible to reach internal or external resources the server can access. Exploitation could expose confidential data or facilitate further attacks such as remote code execution on downstream services. This weakness is classified under CWE‑918.

Affected Systems

All releases of the BeerXML Shortcode plugin from the initial version up through 0.7.1 are affected. Sites that have installed or enabled the plugin and have not upgraded beyond 0.7.1 are vulnerable.

Risk and Exploitability

The CVSS v3 base score is 6.4, reflecting moderate severity. The EPSS score indicates less than 1% probability of exploitation, suggesting that the vulnerability is currently rarely targeted. The issue is not present in the CISA KEV catalog. An attacker can exploit the flaw remotely via a specially crafted request to the plugin’s endpoint; no special credentials are required if the endpoint is publicly accessible. Despite the low exploitation likelihood, the potential impact on confidentiality and integrity warrants a timely fix.

Generated by OpenCVE AI on April 30, 2026 at 20:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest BeerXML Shortcode plugin version (v0.8.0 or newer) to eliminate the SSRF flaw.
  • If an update is unavailable, restrict access to the plugin’s shortcode endpoint by requiring user authentication or limiting the request source IPs.
  • Use a web application firewall or network segmentation to block outbound requests to internal private IP ranges originating from the web server.
  • Audit server logs for unexpected outbound HTTP traffic and enforce policy to block suspicious endpoints.
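The validation the Impact analysis says is missing, and the access restriction the recommended actions call for, as an added example that is not the plugin's own code (the shortcode name, its `src` attribute and the fetch-by-URL behaviour are assumptions): the unsafe pattern beside a hardened handler that restricts the scheme, rejects private and loopback destinations, and disables redirects.

```php
<?php
// Added example, not code from the BeerXML Shortcode plugin. The shortcode
// name 'beerxml', the 'src' attribute and fetch-by-URL are assumptions.

// Vulnerable pattern: the attribute value goes straight to the HTTP client,
// so any scheme and any host the server can reach (internal too) is fetched.
function beerxml_fetch_unsafe( $atts ) {
    $atts     = shortcode_atts( array( 'src' => '' ), $atts, 'beerxml' );
    $response = wp_remote_get( $atts['src'] );
    return is_wp_error( $response ) ? '' : esc_html( wp_remote_retrieve_body( $response ) );
}

// Hardened: only http(s), and the host must resolve to a public address.
function beerxml_target_is_public( $url ) {
    $parts = wp_parse_url( $url );
    if ( ! is_array( $parts ) || empty( $parts['host'] ) ) {
        return false;
    }
    if ( ! in_array( $parts['scheme'] ?? '', array( 'http', 'https' ), true ) ) {
        return false;
    }
    $host = $parts['host'];
    // Resolve once here; gethostbyname() returns the name unchanged on failure,
    // which then fails the IP check below. DNS rebinding still races this step.
    $ip = filter_var( $host, FILTER_VALIDATE_IP ) ? $host : gethostbyname( $host );
    // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16, fc00::/7;
    // NO_RES_RANGE rejects 0/8, 127/8, 169.254/16, 240/4, ::1, fe80::/10.
    return false !== filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
}

function beerxml_fetch_safe( $atts ) {
    $atts = shortcode_atts( array( 'src' => '' ), $atts, 'beerxml' );
    $src  = esc_url_raw( $atts['src'], array( 'http', 'https' ) );
    if ( '' === $src || ! beerxml_target_is_public( $src ) ) {
        return '';
    }
    // wp_safe_remote_get() sets reject_unsafe_urls, so core's
    // wp_http_validate_url() re-checks the host as a second layer; no
    // redirects, so a public URL cannot bounce to an internal one.
    $response = wp_safe_remote_get( $src, array( 'redirection' => 0, 'timeout' => 5 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return '';
    }
    // Hand the body to the BeerXML parser here; escaped output stands in for it.
    return esc_html( wp_remote_retrieve_body( $response ) );
}
add_shortcode( 'beerxml', 'beerxml_fetch_safe' );
```

Resolve-then-fetch still leaves a DNS rebinding window, which is why the egress filtering in the third recommended action belongs alongside the input check rather than instead of it.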

Advisories

Source: EUVD
ID: EUVD-2025-12015
Title: Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71.

History

Thu, 23 Apr 2026 15:00:00 +0000
Metrics cvssV3_1: {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000
Description removed: Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71.
Description added: Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode beerxml-shortcode allows Server Side Request Forgery.This issue affects BeerXML Shortcode: from n/a through <= 0.7.1.
Title removed: WordPress BeerXML Shortcode <= 0.71 - Server Side Request Forgery (SSRF) Vulnerability
Title added: WordPress BeerXML Shortcode plugin <= 0.7.1 - Server Side Request Forgery (SSRF) Vulnerability
References: (no values shown)
Metrics cvssV3_1: {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

Thu, 24 Apr 2025 20:15:00 +0000
Metrics ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 24 Apr 2025 16:15:00 +0000
Description added: Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71.
Title added: WordPress BeerXML Shortcode <= 0.71 - Server Side Request Forgery (SSRF) Vulnerability
Weaknesses added: CWE-918
References added: (no values shown)
Metrics cvssV3_1 added: {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:39.705Z

Reserved: 2025-04-24T14:23:11.074Z

Link: CVE-2025-46511

Vulnrichment

Updated: 2025-04-24T19:52:20.722Z

NVD

Status : Deferred

Published: 2025-04-24T16:15:42.250

Modified: 2026-04-23T15:30:08.773

Link: CVE-2025-46511

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T21:00:15Z

Weaknesses