CVE Field Guide
About Us
CVE-2025-60175
PUBLISHED
WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability
Assigner:
Patchstack
Reserved:
25.09.2025
Published:
15.06.2026
Updated:
16.06.2026
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
CVSS Score:
4.4
CVSS score
4.4
Attack Vector
Network
Scope
Changed
Attack Complexity
High
Confidentiality Impact
Low
Privileges Required
High
Integrity Impact
Low
User Interaction
None
Availability Impact
None
CVSS 3.1
Product Status
Vendor
vynnus
Product
PopAd
Versions
Default:
unaffected
affected from n/a to 1.0.4 (incl.)
Credits
Nabil Irawan | Patchstack Bug Bounty Program
finder
References
https://patchstack.com/database/wordpress/plugin/popad/vulnerability/wordpress-popad-plugin-1-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Problem Types
CWE-918 Server-Side Request Forgery (SSRF)
CWE
Impacts
CAPEC-664 Server Side Request Forgery