CVE-2025-31076

Summary

CVE-2025-31076 is a newly disclosed Server-Side Request Forgery (SSRF) vulnerability that affects WP Compress, a plugin used with MainWP. The flaw permits an attacker to issue malicious HTTP requests, potentially leading to the exposure of internal resources or data from the vulnerable server. WP Compress versions from n/a to 6.30.03 are reportedly impacted by this issue. Attackers can exploit this vulnerability to gain unauthorized access, perform reconnaissance, or even launch further attacks, making it a significant security concern for organizations using WP Compress for MainWP. It is essential to apply the appropriate security patches as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.