Description
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery. This issue affects Slider Templates: from n/a through <= 1.0.3.
Published: 2025-10-27
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a Server Side Request Forgery in the Codeless Slider Templates plugin for WordPress. An attacker that can trigger the plugin to send requests could force the affected WordPress server to reach arbitrary URLs. Depending on the internal network topology, the attacker might retrieve sensitive information or interact with internal services, enabling further compromise. The weakness corresponds to CWE-918.

Affected Systems

The issue affects WordPress sites running the Slider Templates plugin from Codeless, versions up through and including 1.0.3. Any installation of those versions is potentially vulnerable; newer versions are not listed as affected.

Risk and Exploitability

The CVSS score of 4.9 reflects a low severity impact, and the EPSS value of less than 1% indicates a very low expected exploitation probability. The vulnerability is not included in the CISA KEV catalog. Exploitation would require an attacker to access the WordPress site and manipulate the plugin's request handling, which is generally accessible to authenticated administrators or through public entry points. The risk to confidentiality, integrity, or availability is limited unless the server can reach critical internal resources.

Generated by OpenCVE AI on April 29, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Slider Templates plugin to the latest available version (1.0.4 or newer).
  • If upgrading is temporarily infeasible, disable or uninstall the plugin to stop the SSRF vector.
  • Apply network firewall rules or security controls to block outbound requests to internal IP ranges that should not be accessible from the web server.



Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}
Values Added: cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Mon, 27 Oct 2025 22:30:00 +0000

Type: First Time appeared
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Wordpress; Wordpress wordpress

Mon, 27 Oct 2025 15:15:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 27 Oct 2025 02:00:00 +0000

Type: Description
Values Added: Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery. This issue affects Slider Templates: from n/a through <= 1.0.3.

Type: Title
Values Added: WordPress Slider Templates plugin <= 1.0.3 - Server Side Request Forgery (SSRF) vulnerability

Type: Weaknesses
Values Added: CWE-918

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:07.658Z

Reserved: 2025-10-24T14:25:13.438Z

Link: CVE-2025-62988

Vulnrichment

Updated: 2025-10-27T14:47:07.521Z

NVD

Status: Deferred

Published: 2025-10-27T02:15:59.860

Modified: 2026-04-27T17:16:39.930

Link: CVE-2025-62988

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T20:30:19Z

Weaknesses