PT-2025-39515 · WordPress · Snow Monkey

Yuya Kotake · Published 2025-09-26 · Updated 2025-09-26 · CVE-2025-10137

CVSS v3.1

5.4 Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Snow Monkey versions prior to 29.1.6

Description

The Snow Monkey theme for WordPress is susceptible to Server-Side Request Forgery (SSRF) in all versions up to and including 29.1.5. This flaw resides within the request() function and allows unauthenticated attackers to initiate web requests to arbitrary locations from the web application. Successful exploitation could enable attackers to query and modify information from internal services.

Recommendations

Update to Snow Monkey version 29.1.6 or later.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-10137

Affected Products

Snow Monkey