vulnerability

WordPress Plugin: anac-xml-viewer: CVE-2025-64252: Server-Side Request Forgery (SSRF)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:S/C:P/I:P/A:N)	Nov 26, 2025	Jan 20, 2026	Jan 23, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:N)

Published

Nov 26, 2025

Added

Jan 20, 2026

Modified

Jan 23, 2026

Description

The ANAC XML Viewer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

Solution

anac-xml-viewer-plugin-cve-2025-64252

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-64252
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/988bc04a-9294-4433-b4b2-d7ccf2e08297?source=api-prod
CVE-2025-64252
https://attackerkb.com/topics/CVE-2025-64252
CWE-918

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today