Skip to main content

SmartDataSoft Pool Services CVE-2025-62741

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-01-22 audit@patchstack.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Severity Changed
Apr 23, 2026 - 15:43 NVD
CRITICAL MEDIUM
CVSS changed
Apr 23, 2026 - 15:43 NVD
9.1 (CRITICAL) 5.4 (MEDIUM)
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 22, 2026 - 17:15 nvd
CRITICAL 9.1

DescriptionCVE.org

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3.

AnalysisAI

Pool Services WordPress plugin has a Server-Side Request Forgery vulnerability allowing attackers to make the server perform arbitrary HTTP requests to internal and external targets.

Technical ContextAI

The Pool Services plugin by SmartDataSoft has a CWE-918 SSRF vulnerability that allows attackers to make the WordPress server send HTTP requests to arbitrary destinations, including internal network resources.

Affected ProductsAI

SmartDataSoft Pool Services WordPress plugin

RemediationAI

Remove or update the plugin. Implement SSRF protections (allowlist URLs, block internal IP ranges).

Share

CVE-2025-62741 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy