Description
Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf image-compare-block allows Server Side Request Forgery.This issue affects Beaf: from n/a through <= 1.6.2.
Published: 2025-09-22
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a Server Side Request Forgery vulnerability identified as CWE‑918 in the Binsaifullah Beaf image‑compare‑block plugin. It permits an attacker to instruct the server to retrieve arbitrary resources over HTTP or HTTPS, potentially revealing internal data or accessing services in the host’s environment.

Affected Systems

The affected product is the Binsaifullah Beaf WordPress plugin, specifically version 1.6.2 and all earlier releases. No particular operating system or platform restrictions are listed; the issue exists wherever the plugin is installed and operational.

Risk and Exploitability

The CVSS score of 4.4 indicates a low to moderate severity, and the EPSS score of less than 1 % suggests exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. Based on the description and the nature of SSRF, the most probable attack vector involves an attacker sending a specially crafted request to the plugin’s interface or API, which then triggers the server to make outbound calls to arbitrary URLs. Successful exploitation would allow the attacker to probe internal or externally reachable resources through the server’s outbound connectivity.

Generated by OpenCVE AI on May 1, 2026 at 06:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Binsaifullah Beaf to a version newer than 1.6.2.
  • If an upgrade cannot be performed immediately, limit the plugin’s outbound network requests to a trusted domain whitelist or otherwise restrict them so that only approved addresses can be accessed.
  • Implement network‑level filtering or firewall rules that prevent the web server from initiating outbound connections to untrusted or internal networks during the remediation period.

Generated by OpenCVE AI on May 1, 2026 at 06:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-30765 Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf allows Server Side Request Forgery. This issue affects Beaf: from n/a through 1.6.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf allows Server Side Request Forgery. This issue affects Beaf: from n/a through 1.6.2. Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf image-compare-block allows Server Side Request Forgery.This issue affects Beaf: from n/a through <= 1.6.2.
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N'}

Tue, 23 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Mon, 22 Sep 2025 18:45:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf allows Server Side Request Forgery. This issue affects Beaf: from n/a through 1.6.2.
Title WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:25.557Z

Reserved: 2025-06-30T10:46:37.789Z

Link: CVE-2025-53461

cve-icon Vulnrichment

Updated: 2025-09-23T20:21:15.382Z

cve-icon NVD

Status : Deferred

Published: 2025-09-22T19:15:43.180

Modified: 2026-04-23T15:32:34.370

Link: CVE-2025-53461

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T06:30:10Z

Weaknesses