CVE-2025-22726
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Helper nk-themes-helper allows Server Side Request Forgery.This issue affects nK Themes Helper: from n/a through <= 1.7.9.
AnalysisAI
nK Themes Helper WordPress plugin (through 1.7.9) has SSRF enabling unauthenticated server-side requests to internal services and cloud metadata endpoints.
Technical ContextAI
The plugin makes server-side requests based on user input without validating the target URL (CWE-918). This allows access to internal services, cloud metadata APIs, and restricted network resources.
Affected ProductsAI
nK Themes Helper through 1.7.9
RemediationAI
Update or remove the plugin. Implement SSRF protections at the server level.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today