Description
Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through <= 1.33.28.
Published: 2025-05-07
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The WordPress WebinarPress plugin contains a Server Side Request Forgery (SSRF) vulnerability that allows an attacker to instruct the WordPress server to make arbitrary HTTP or HTTPS requests to internal or external resources. An exploit could expose internal network services, retrieve sensitive data, and potentially serve as a foothold for more advanced attacks if the retrieved data can be leveraged further.

Affected Systems

The vulnerability applies to the WordPress WebinarPress plugin developed by WPWebinarSystem for any installations running version 1.33.28 or earlier. Any WordPress site with this plugin version installed is at risk until the plugin is updated beyond 1.33.28 or removed.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% suggests the likelihood of exploitation is currently low. The vulnerability is not listed in CISA's KEV catalog. The attack vector is likely a crafted web request sent to the vulnerable endpoint, where improper validation of user‑supplied URLs enables the server to access arbitrary addresses.

Generated by OpenCVE AI on April 30, 2026 at 13:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WebinarPress to a version newer than 1.33.28 when available.
  • If an upgrade is not possible immediately, disable or uninstall the plugin until a patched version is released.
  • Configure network‑level firewalls or application gateways to restrict outbound HTTP/HTTPS traffic from the web server to only trusted destinations, thereby limiting the impact of any SSRF attempt.

Advisories
Source: EUVD
ID: EUVD-2025-13751
Title: Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through 1.33.27.

History

Thu, 23 Apr 2026 15:00:00 +0000

Metrics: cvssV3_1
  Values Removed: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  Values Added: {'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Description
  Values Removed: Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through 1.33.27.
  Values Added: Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through <= 1.33.28.
Title
  Values Removed: WordPress WebinarPress <= 1.33.27 - Server Side Request Forgery (SSRF) Vulnerability
  Values Added: WordPress WebinarPress plugin <= 1.33.28 - Server Side Request Forgery (SSRF) Vulnerability
References
Metrics: cvssV3_1
  Values Removed: {'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}
  Values Added: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 14 Jul 2025 13:45:00 +0000

Metrics: epss
  Values Removed: {'score': 0.00038}
  Values Added: {'score': 0.0004}


Mon, 12 May 2025 20:15:00 +0000

First Time appeared
  Values Added: Webinarpress; Webinarpress webinarpress
CPEs
  Values Added: cpe:2.3:a:webinarpress:webinarpress:*:*:*:*:*:wordpress:*:*
Vendors & Products
  Values Added: Webinarpress; Webinarpress webinarpress

Wed, 07 May 2025 19:15:00 +0000

Metrics: ssvc
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 07 May 2025 14:45:00 +0000

Description
  Values Added: Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through 1.33.27.
Title
  Values Added: WordPress WebinarPress <= 1.33.27 - Server Side Request Forgery (SSRF) Vulnerability
Weaknesses
  Values Added: CWE-918
References
Metrics: cvssV3_1
  Values Added: {'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:16:10.903Z

Reserved: 2025-05-07T10:44:48.426Z

Link: CVE-2025-47635

Vulnrichment

Updated: 2025-05-07T17:19:22.848Z

NVD

Status: Modified

Published: 2025-05-07T15:16:16.637

Modified: 2026-04-23T15:30:39.110

Link: CVE-2025-47635

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T13:30:15Z

Weaknesses