CVE-2025-47484 - Vulnerability Details - OpenCVE

Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery. This issue affects Display Remote Posts Block: from n/a through 1.1.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Fixes

Solution

Update the WordPress Display Remote Posts Block plugin to the latest available version (at least 1.1.1).

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/wordpress/plugin/display-remote-posts-block/vulnerability/wordpress-display-remote-posts-block-1-1-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00032}`	epss `{'score': 0.00037}`

Thu, 08 May 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 07 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery. This issue affects Display Remote Posts Block: from n/a through 1.1.0.
Title		WordPress Display Remote Posts Block <= 1.1.0 - Server Side Request Forgery (SSRF) Vulnerability
Weaknesses		CWE-918
References		https://patchstack.com/database/wordpress/plugin/display-remote-posts-block/vulnerability/wordpress-display-remote-posts-block-1-1-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2025-05-07T14:19:49.070Z

Updated: 2025-05-08T16:18:56.095Z

Reserved: 2025-05-07T09:39:08.090Z

Link: CVE-2025-47484

Vulnrichment

Updated: 2025-05-08T16:18:53.126Z

NVD

Status : Awaiting Analysis

Published: 2025-05-07T15:16:02.647

Modified: 2025-05-08T14:39:18.800

Link: CVE-2025-47484

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47484", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-05-07T09:39:08.090Z", "datePublished": "2025-05-07T14:19:49.070Z", "dateUpdated": "2025-05-08T16:18:56.095Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-05-07T14:19:49.070Z"}, "title": "WordPress Display Remote Posts Block <= 1.1.0 - Server Side Request Forgery (SSRF) Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "affected": [{"vendor": "Oliver Campion", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "display-remote-posts-block", "product": "Display Remote Posts Block", "versions": [{"lessThanOrEqual": "1.1.0", "status": "affected", "version": "n/a", "versionType": "custom", "changes": [{"at": "1.1.1", "status": "unaffected"}]}]}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery. This issue affects Display Remote Posts Block: from n/a through 1.1.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery.</p><p>This issue affects Display Remote Posts Block: from n/a through 1.1.0.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/display-remote-posts-block/vulnerability/wordpress-display-remote-posts-block-1-1-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "version": "3.1"}}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Display Remote Posts Block plugin to the latest available version (at least 1.1.1)."}], "value": "Update the WordPress Display Remote Posts Block plugin to the latest available version (at least 1.1.1)."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "theviper17 (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T16:18:48.964175Z", "id": "CVE-2025-47484", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T16:18:56.095Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-47484", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-08T16:18:48.964175Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T16:18:53.126Z"}}], "cna": {"title": "WordPress Display Remote Posts Block <= 1.1.0 - Server Side Request Forgery (SSRF) Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "theviper17 (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Oliver Campion", "product": "Display Remote Posts Block", "versions": [{"status": "affected", "changes": [{"at": "1.1.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.1.0"}], "packageName": "display-remote-posts-block", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress Display Remote Posts Block plugin to the latest available version (at least 1.1.1).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress Display Remote Posts Block plugin to the latest available version (at least 1.1.1).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/display-remote-posts-block/vulnerability/wordpress-display-remote-posts-block-1-1-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery. This issue affects Display Remote Posts Block: from n/a through 1.1.0.", "supportingMedia": [{"type": "text/html", "value": "<p>Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery.</p><p>This issue affects Display Remote Posts Block: from n/a through 1.1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-05-07T14:19:49.070Z"}}}, "cveMetadata": {"cveId": "CVE-2025-47484", "state": "PUBLISHED", "dateUpdated": "2025-05-08T16:18:56.095Z", "dateReserved": "2025-05-07T09:39:08.090Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-05-07T14:19:49.070Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}