PT-2025-33892 · WordPress · Wp Crontrol

Jonas Benjamin Friedli · Published 2025-08-19 · Updated 2025-08-22 · CVE-2025-8678

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: WP Crontrol versions 1.17.0 through 1.19.1
Description: The WP Crontrol plugin for WordPress is vulnerable to Server-Side Request Forgery via the wp_remote_request() function. This allows authenticated attackers with Administrator-level access and above to make web requests to arbitrary locations originating from the web application, potentially allowing them to query and modify information from internal services.
Recommendations: WP Crontrol versions 1.17.0 through 1.19.1 should be updated to version 1.19.2 or later. If an immediate update is not possible, remove any Administrator-level users who are not fully trusted.

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-8678, GHSA-35C5-67FM-CPCP

Affected Products: Wp Crontrol