CVE-2025-67623

CRITICAL 9.1 (CVSS 3.1)
2025-12-24 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 15:22 (vuln.today)
CVE Published: Dec 24, 2025 - 13:16 (nvd), rated CRITICAL 9.1

Description

Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery. This issue affects 6Storage Rentals: from n/a through <= 2.20.2.

Analysis

Server-Side Request Forgery (SSRF) in 6Storage Rentals WordPress plugin versions ≤2.20.2 allows unauthenticated remote attackers to send crafted requests from the vulnerable server to arbitrary internal or external systems. The CVSS score of 9.1 (critical) reflects a network-accessible attack vector that requires no authentication or user interaction; the impact is rated high for both confidentiality and integrity because attackers can potentially reach internal services or cloud metadata endpoints and exfiltrate sensitive data. The EPSS score of 0.04% (14th percentile) indicates a relatively low observed exploitation probability despite the critical severity rating. No confirmed active exploitation (not in CISA KEV) and no public exploit code had been identified at the time of analysis.

Technical Context

This vulnerability stems from CWE-918 (Server-Side Request Forgery), occurring when the 6Storage Rentals WordPress plugin fails to properly validate user-supplied URLs or destination addresses before making server-side HTTP requests. SSRF vulnerabilities allow attackers to abuse the server as a proxy to interact with internal network resources, cloud instance metadata services (such as AWS EC2 metadata at 169.254.169.254), or external systems that trust requests originating from the vulnerable server's IP address. In WordPress plugin contexts, SSRF commonly arises from unsafe handling of webhook URLs, remote file fetching, API integrations, or proxy functionality where user input influences the destination of outbound requests without adequate validation, sanitization, or allowlist controls.
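The control this section describes, a destination check applied before the server makes an outbound request, is shown below as an added example. It is not code from the 6Storage Rentals plugin (whose source is not on this page) and it is written in Python rather than the plugin's PHP so that it runs stand-alone; the allowlisted hosts, the hypothetical resolver injection point and the canned DNS answers in the usage note are assumptions for illustration. The check combines a scheme and host allowlist with a test of every address the host resolves to against loopback, RFC 1918, link-local (which includes 169.254.169.254) and other non-routable ranges, so that an allowlisted name that is later pointed at an internal address is still refused.

```python
"""Allowlist-based validation of user-influenced outbound URLs (CWE-918 mitigation).

Added example for this advisory; not the plugin's own code. Hosts and
resolver answers are constructed for illustration.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the application is legitimately expected to call.
ALLOWED_HOSTS = {"api.example.com", "webhooks.example.com"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    ipaddress already classifies loopback, RFC 1918, link-local (169.254/16,
    fe80::/10), carrier-grade NAT, documentation, reserved and unspecified
    ranges as non-global, so a single property covers the SSRF-relevant ranges.
    """
    addr = ipaddress.ip_address(ip)
    # An IPv4-mapped IPv6 address (::ffff:10.0.0.1) must be judged as its IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def resolve(host: str) -> list:
    """Resolve a hostname to all of its A/AAAA addresses (literal IPs pass through)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def validate_outbound_url(url: str, resolver=resolve) -> str:
    """Return `url` if it is safe to fetch server-side, otherwise raise ValueError.

    `resolver` is injectable (assumption of this example) so callers and tests
    can supply canned DNS answers and run offline.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        # "https://allowed.host@evil.host/" parses with evil.host as the real host.
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    host = host.rstrip(".").lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not in allowlist: {host!r}")
    if parts.port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {parts.port}")
    # Check every resolved address: an allowlisted name can still be pointed
    # at an internal address through compromised or rebinding DNS.
    addrs = resolver(host)
    if not addrs:
        raise ValueError("host did not resolve")
    for ip in addrs:
        if not is_public_address(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return url


def is_safe_outbound_url(url: str, resolver=resolve) -> bool:
    """Boolean wrapper around validate_outbound_url for simple gating."""
    try:
        validate_outbound_url(url, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed DNS answers: one allowlisted host is public, the other has
    # been pointed at a private address.
    canned = {"api.example.com": ["93.184.216.34"], "webhooks.example.com": ["10.0.0.5"]}
    lookup = lambda h: canned.get(h, [])
    for candidate in ("https://api.example.com/v1/listings",
                      "https://webhooks.example.com/hook",
                      "https://169.254.169.254/",
                      "http://api.example.com/"):
        print(candidate, "->", "allowed" if is_safe_outbound_url(candidate, lookup) else "rejected")
```

The address check is only as good as the binding between validation and the actual connection: if the HTTP client resolves the name again at connect time, the result can differ. In production, pass the validated address to the client (or use a client hook that re-checks each connection) rather than the hostname alone.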

Affected Products

The vulnerability affects 6Storage Rentals, a WordPress plugin developed by 6Storage for managing rental property operations, specifically all versions from an unspecified starting point through version 2.20.2 inclusive. The plugin is distributed through the WordPress plugin repository and is used by property management businesses to integrate rental management functionality into WordPress sites. Organizations running any version of the 6storage-rentals WordPress plugin at or below version 2.20.2 should consider themselves affected. The vulnerability was reported by the Patchstack security research team ([email protected]), which maintains a database of WordPress plugin vulnerabilities. Full technical details and vendor advisory are available at the Patchstack database reference link provided.

Remediation

Upgrade the 6Storage Rentals WordPress plugin to version 2.20.3 or later, which should contain fixes for the SSRF vulnerability based on the disclosed affected version range ending at 2.20.2. Site administrators should access the WordPress admin dashboard, navigate to Plugins, locate 6Storage Rentals, and apply available updates immediately.

Prior to patching, organizations can implement temporary mitigations including: restricting outbound network access from the WordPress server using firewall rules or security groups to block access to internal IP ranges (RFC 1918 addresses and link-local addresses including 169.254.0.0/16); implementing egress filtering to allow only necessary external destinations; enabling IMDSv2 on cloud instances, which requires authenticated metadata requests; and reviewing web application firewall (WAF) rules to detect and block SSRF patterns in plugin requests.

After patching, conduct security testing to verify the SSRF vector is remediated and review server logs for indicators of prior exploitation attempts, such as unusual outbound connection patterns or requests to internal IP addresses.

Detailed vulnerability information and remediation guidance are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/6storage-rentals/vulnerability/wordpress-6storage-rentals-plugin-2-19-9-server-side-request-forgery-ssrf-vulnerability.
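The post-patch log review described above can be started with a scan of the web server access log for requests whose parameters carry a URL pointing at an internal address. The script below is an added example, not tooling from vuln.today, Patchstack or 6Storage: the log lines are constructed, and the plugin's real endpoints and parameter names are not on this page, so the script examines every query parameter of every request rather than a known vulnerable one. It flags values that are URL-shaped and whose host is a literal loopback, private or link-local address (including 169.254.169.254) or the name localhost; hostnames that would need DNS to classify are left alone so the scan runs offline.

```python
"""Scan an Apache/nginx combined access log for SSRF indicators.

Added example for the log-review step of this advisory; not the plugin's or
the vendor's tooling. SAMPLE_LOG, the request paths and the parameter names
are constructed for illustration.
"""
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined log format: client, identd, user, [timestamp], "METHOD target PROTO", status, bytes.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample: benign fetch, three requests aimed at internal addresses, a normal page view.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Dec/2025:13:20:01 +0000] "GET /wp-admin/admin-ajax.php?action=rental_fetch&url=https%3A%2F%2Fcdn.example.net%2Fimg.png HTTP/1.1" 200 512
198.51.100.9 - - [24/Dec/2025:13:20:07 +0000] "GET /wp-admin/admin-ajax.php?action=rental_fetch&url=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 1024
198.51.100.9 - - [24/Dec/2025:13:20:09 +0000] "POST /?rest_route=/rentals/v1/webhook&target=http://127.0.0.1:8080/admin HTTP/1.1" 500 87
192.0.2.77 - - [24/Dec/2025:13:21:30 +0000] "GET /?rest_route=/rentals/v1/webhook&target=http%3A%2F%2F10.0.0.12%2F HTTP/1.1" 200 33
203.0.113.5 - - [24/Dec/2025:13:22:00 +0000] "GET /listings/ HTTP/1.1" 200 4096
"""


def internal_target(value: str):
    """Return the non-public host a parameter value points at, or None.

    Only URL-shaped values are examined; a bare hostname would need DNS to
    classify and is out of scope for an offline scan.
    """
    v = unquote(value).strip()  # decode once more so double-encoded values are also examined
    if "://" not in v:
        return None
    host = urlsplit(v).hostname
    if not host:
        return None
    if host == "localhost":
        return host
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name, not a literal address
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # judge ::ffff:10.0.0.1 as 10.0.0.1
    return host if not addr.is_global else None


def scan_access_log(text: str) -> list:
    """Return one finding per (request, parameter) that targets an internal host."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real tool would count these
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            host = internal_target(value)
            if host is not None:
                findings.append({
                    "src": m.group("src"),
                    "ts": m.group("ts"),
                    "param": name,
                    "host": host,
                    "status": int(m.group("status")),
                })
    return findings


def sources_by_hits(findings: list) -> Counter:
    """Count findings per client address to surface the most active sources."""
    return Counter(f["src"] for f in findings)


if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_LOG)
    for f in hits:
        print(f"{f['ts']} {f['src']} param={f['param']} -> {f['host']} (HTTP {f['status']})")
    print("sources:", dict(sources_by_hits(hits)))
```

A 200 response on a flagged request is the more worrying case, since it suggests the server completed the internal fetch; correlate those entries with outbound connection logs or firewall denies from the same timestamps before treating them as confirmed exploitation.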

Priority Score

46 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +46
POC: 0
