SmartDataSoft Pool Services CVE-2025-62741
MEDIUMSeverity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3.
AnalysisAI
Pool Services WordPress plugin has a Server-Side Request Forgery vulnerability allowing attackers to make the server perform arbitrary HTTP requests to internal and external targets.
Technical ContextAI
The Pool Services plugin by SmartDataSoft has a CWE-918 SSRF vulnerability that allows attackers to make the WordPress server send HTTP requests to arbitrary destinations, including internal network resources.
Affected ProductsAI
SmartDataSoft Pool Services WordPress plugin
RemediationAI
Remove or update the plugin. Implement SSRF protections (allowlist URLs, block internal IP ranges).
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today