{"id":"CVE-2025-11917","details":"The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make the web application send web requests to arbitrary locations, which can be used to query and modify information from internal services.","modified":"2026-04-10T05:22:02.668802Z","published":"2025-11-05T07:15:32.073Z","references":[{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/wpematico_functions.php#L1249"},{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/wpematico_functions.php#L1260"},{"type":"WEB","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a1c6377-c2a7-4344-86bd-d2797db19469?source=cve"},{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/wpematico/tags/2.8.11/app/campaign_edit.php#L24"},{"type":"FIX","url":"https://github.com/etruel/wpematico/commit/7a281dcfc0868490d62caee54f3b743708fed7cf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/etruel/wpematico","events":[{"introduced":"0"},{"fixed":"7a281dcfc0868490d62caee54f3b743708fed7cf"}]}],"versions":["1.3.8.2","1.3.8.3","1.3.8.4","1.4","1.4.1","1.4.2","1.5","1.6","1.6.1","1.6.2","1.7","1.7.2","1.7.3","1.8.1","1.8.2","1.8.3","1.8.4","1.8.5","1.9","1.9.2","1.9.3","1.9.4","2.0","2.1","2.1.1","2.1.2","2.2","2.2.2","2.3","2.3.10","2.3.2","2.3.3","2.3.4","2.4.2","2.4.2RC2","2.5","2.5.1","2.5.3","2.6.1","2.6.10","2.6.11","2.6.12","2.6.15","2.6.16","2.6.17","2.6.18","2.6.19","2.6.2","2.6.20","2.6.20.2","2.6.21","2.6.22","2.6.24","2.6.25","2.6.3","2.6.4","2.6.6","2.6.7","2.6.8","2.6.9","2.7","2.7.10","2.7.2","2.7.3","2.7.4","2.7.6","2.7.7","2.7.7.1","2.7.8","2.7.9","2.8","2.8.2","2.8.3","2.8.4","2.8.5","2.8.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11917.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}]}