PT-2025-46996 · Rachelos · Werss We-Mp-Rss

Din4 · Published 2025-11-14 · Updated 2025-11-15 · CVE-2025-13174

CVSS v2.0: 6.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
rachelos WeRSS we-mp-rss versions up to 1.4.7

Description
A flaw exists in the Webhook Module of rachelos WeRSS we-mp-rss. The do_job function within the /rachelos/we-mp-rss/blob/main/jobs/mps.py file is susceptible to server-side request forgery (SSRF). Manipulation of the web_hook_url argument can trigger this issue, allowing for remote exploitation. The exploit is publicly available.

Recommendations
Versions prior to 1.4.7 should be updated. As a temporary workaround, consider restricting or disabling the use of the web_hook_url argument in the do_job function until a patch is available.
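
One way to restrict a webhook URL before any request is sent, shown as an added example that is not code from we-mp-rss or from this advisory. The helper name check_webhook_url, its allowed_hosts and resolver parameters, and the sample host names and DNS answers are assumptions made for illustration.

```python
# Hypothetical helper: names are illustrative, not taken from we-mp-rss.
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolver(host, port):
    # Every A/AAAA record is returned; all of them must pass the check below.
    return {ai[4][0] for ai in socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)}

def check_webhook_url(url, allowed_hosts=None, resolver=system_resolver):
    """Return the vetted IP set for a webhook URL, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    if parts.username or parts.password or not parts.hostname:
        raise ValueError("missing host or embedded credentials")
    host = parts.hostname
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError("host not on allowlist")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addrs = set(resolver(host, port))
    if not addrs:
        raise ValueError("host did not resolve")
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        ip = getattr(ip, "ipv4_mapped", None) or ip     # ::ffff:a.b.c.d -> a.b.c.d
        if not ip.is_global:  # loopback, private, link-local, reserved ranges
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return addrs

# Constructed DNS answers so the example runs offline (not real records).
SAMPLE_DNS = {
    "hooks.example.com": {"8.8.8.8"},
    "intranet.example.com": {"10.0.0.5"},
    "mixed.example.com": {"8.8.8.8", "127.0.0.1"},
}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, {host})  # IP literals resolve to themselves

def verdict(url, **kw):
    try:
        check_webhook_url(url, resolver=sample_resolver, **kw)
        return "allow"
    except ValueError as exc:
        return f"deny: {exc}"
```

A validation like this only holds if the request is then sent to one of the vetted addresses with redirects disabled; otherwise a second DNS lookup or a redirect can land on an address that was never checked.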

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-13174

Affected Products

Werss We-Mp-Rss