Description
Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery.This issue affects Simplified: from n/a through <= 1.0.11.
Published: 2025-08-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Server‑Side Request Forgery flaw that allows an external attacker to force the Simplified plugin to send arbitrary HTTP requests on the server’s behalf. An attacker could retrieve sensitive data from internal services, interact with administrative endpoints, or uncover network topology, all without direct access to the WordPress host. The weakness is identified as CWE‑918 and is limited to the plugin’s request logic.

Affected Systems

WordPress plugin Simplified, version 1.0.11 or earlier, provided by kodeshpa. Any installation of the plugin on a WordPress site using these versions is affected.

Risk and Exploitability

The CVSS score of 5.5 reflects a moderate severity, and the EPSS score of less than 1% indicates a low probability of exploitation at the time of analysis. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is unauthenticated remote exploitation, where a malicious request includes a specially crafted URL to provoke the SSRF. If the site is exposed to the Internet, attackers can potentially map internal networks or pull confidential data by requesting internal resources.

Generated by OpenCVE AI on April 30, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Simplified plugin to any version newer than 1.0.11
  • If upgrading is not immediately possible, restrict outbound network traffic from the WordPress server or block access to internal IP ranges via firewall or network segmentation
  • Monitor server logs for unexpected outbound HTTP requests that may indicate exploitation attempts

Generated by OpenCVE AI on April 30, 2026 at 08:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-24894 Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9. Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery.This issue affects Simplified: from n/a through <= 1.0.11.
Title WordPress Simplified Plugin <= 1.0.9 - Server Side Request Forgery (SSRF) Vulnerability WordPress Simplified plugin <= 1.0.11 - Server Side Request Forgery (SSRF) vulnerability
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}

Sat, 16 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Kodeshpa
Kodeshpa simplified Plugin
Wordpress
Wordpress wordpress
Vendors & Products Kodeshpa
Kodeshpa simplified Plugin
Wordpress
Wordpress wordpress

Thu, 14 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 14 Aug 2025 18:30:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9.
Title WordPress Simplified Plugin <= 1.0.9 - Server Side Request Forgery (SSRF) Vulnerability
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}

Subscriptions

Kodeshpa Simplified Plugin
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:32:01.937Z

Reserved: 2025-06-27T10:28:11.949Z

Link: CVE-2025-53241

cve-icon Vulnrichment

Updated: 2025-08-14T20:06:38.266Z

cve-icon NVD

Status : Deferred

Published: 2025-08-14T19:15:35.060

Modified: 2026-04-23T15:32:20.427

Link: CVE-2025-53241

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T09:00:20Z

Weaknesses