Impact
A Server-Side Request Forgery (SSRF) flaw exists in the Electrician - Electrical Service WordPress theme by SmartDataSoft. The vulnerability originates from an improperly validated server‑side request that allows an attacker to instruct the site to fetch arbitrary URLs. The associated weakness is CWE‑918. If exploited, an attacker could cause the site to contact internal or external endpoints, potentially leaking sensitive data, triggering internal processes, or accessing resources not intended for public use. The impact includes compromising confidentiality, integrity, or availability of internal services accessed through the theme’s request handling.
Affected Systems
SmartDataSoft’s Electrician - Electrical Service WordPress theme is affected in all releases up to and including version 5.6. Systems deploying this theme at any major or minor version equal to or less than 5.6 are potentially vulnerable. The advisory does not list any newer versions, so all of these releases remain at risk.
Risk and Exploitability
The CVSS score of 5.4 indicates moderate severity. The EPSS score is less than 1%, denoting a very low likelihood of exploitation at the time of this analysis. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is a remote, publicly accessible request that triggers the theme’s server‑side request capability. While the description does not detail authentication requirements or network isolation, SSRF flaws are typically triggered through request-handling code paths that are reachable over the web.