WordPress · Craw Data WordPress Plugin · CVE-2022-2912
**Name of the Vulnerable Software and Affected Versions**
Craw Data WordPress plugin versions through 1.0.0
**Description**
The Craw Data WordPress plugin does not perform nonce checks. An attacker could therefore make a logged-in admin change the `url` value through a forged request (Cross-Site Request Forgery), causing the site to perform unwanted crawls on third-party sites, also known as Server-Side Request Forgery (SSRF).
**Recommendations**
For Craw Data WordPress plugin versions through 1.0.0, consider disabling the plugin until a patch is available to prevent potential SSRF attacks. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the `url` value in the affected plugin until the issue is resolved.
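
The missing control described above, sketched as an added example (not the Craw Data plugin's code and not an official patch): a settings handler that checks capability and nonce before storing `url`, then validates the URL before any crawl. The `crawdata_*` function names, the `crawdata_url` option and the `crawdata` settings page slug are hypothetical; the WordPress core functions are real.

```php
<?php
// Added example. All crawdata_* names and the 'crawdata_url' option are
// hypothetical and are not taken from the Craw Data plugin.

// Render the settings form with a nonce bound to this specific action.
function crawdata_render_settings_form() {
    $url = get_option( 'crawdata_url', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="crawdata_save_url" />
        <?php wp_nonce_field( 'crawdata_save_url', 'crawdata_nonce' ); ?>
        <input type="url" name="url" value="<?php echo esc_attr( $url ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST: capability check, nonce check, then URL validation.
function crawdata_handle_save_url() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html( 'Insufficient permissions.' ), '', array( 'response' => 403 ) );
    }
    // A request forged from another site cannot carry a valid nonce,
    // so check_admin_referer() stops it here.
    check_admin_referer( 'crawdata_save_url', 'crawdata_nonce' );

    $raw = isset( $_POST['url'] ) ? wp_unslash( $_POST['url'] ) : '';
    $url = esc_url_raw( $raw, array( 'http', 'https' ) );

    // wp_http_validate_url() returns false for malformed URLs and for
    // hosts that resolve to loopback or private address ranges.
    if ( '' === $url || ! wp_http_validate_url( $url ) ) {
        wp_die( esc_html( 'Invalid URL.' ), '', array( 'response' => 400 ) );
    }

    update_option( 'crawdata_url', $url );
    wp_safe_redirect( admin_url( 'options-general.php?page=crawdata' ) );
    exit;
}
add_action( 'admin_post_crawdata_save_url', 'crawdata_handle_save_url' );

// Fetch with the "safe" HTTP wrapper so the stored value is re-validated
// at request time, including on redirects.
function crawdata_fetch() {
    $url = get_option( 'crawdata_url', '' );
    return wp_safe_remote_get( $url, array( 'timeout' => 10, 'redirection' => 2 ) );
}
```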