CVE-2025-24703
CVSS 3.1 Score 4.4 of 10 (medium)
Details
Published Jan 24, 2025
CWE ID 918
Summary
CVE-2025-24703 is a Server-Side Request Forgery (SSRF) vulnerability affecting the Comment Edit Core – Simple Comment Editing plugin. This issue, which impacts versions from n/a to 3.0.33, allows an attacker to make malicious requests on the affected server, potentially leading to server-side data disclosure or even server takeover. The vulnerability is due to insufficient input validation in the plugin, making it susceptible to SSRF attacks. Successful exploitation could result in significant security risks for the targeted system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- WordPress