**Name of the Vulnerable Software and Affected Versions**

Snow Monkey versions prior to 29.1.6

**Description**

The Snow Monkey theme for WordPress is susceptible to Server-Side Request Forgery (SSRF) in all versions up to and including 29.1.5. This flaw resides within the `request()` function and allows unauthenticated attackers to initiate web requests to arbitrary locations from the web application. Successful exploitation could enable attackers to query and modify information from internal services.

**Recommendations**

Update to Snow Monkey version 29.1.6 or later.