A vulnerability classified as critical has been found in WonderCMS 3.5.0. This affects the function curl_exec. This manipulation of the argument pluginThemeUrl causes server-side request forgery.

This vulnerability appears as CVE-2025-57055. The attack may be initiated remotely. There is no available exploit.