CVE-2025-13174 | rachelos WeRSS we-mp-rss up to 1.4.7 Webhook mps.py do_job web_hook_url server-side request forgery

Inserito da Angelo Barbosa | Nov 14, 2025 | CVE

A vulnerability was found in rachelos WeRSS we-mp-rss up to 1.4.7. It has been declared as critical. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request forgery.

The identification of this vulnerability is CVE-2025-13174. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-13174 | rachelos WeRSS we-mp-rss up to 1.4.7 Webhook mps.py do_job web_hook_url server-side request forgery

Post correlati

CVE-2024-56061 | Webful Creations Computer Repair Shop Plugin up to 3.8119 on WordPress authorization

CVE-2024-1714 | SailPoint IdentityIQ Lifecycle Manager input validation

CVE-2024-50507 | Daniel Schmitzer DS.DownloadList Plugin up to 1.3 on WordPress deserialization

CVE-2023-43517 | Qualcomm QAM8255P Automotive Multimedia memory corruption