CVE-2025-14613

Name of the Vulnerable Software and Affected Versions GetContentFromURL plugin for WordPress versions prior to 1.1

Description The GetContentFromURL plugin for WordPress is susceptible to Server-Side Request Forgery in versions up to and including 1.0. The issue stems from the plugin utilizing wp remote get() instead of wp safe remote get() when retrieving content from a URL provided by the user through the url parameter within the [gcfu] shortcode. This allows authenticated attackers with Contributor-level access or higher to initiate web requests to arbitrary locations from the web application, potentially enabling them to query and modify information from internal services.

Recommendations Update the GetContentFromURL plugin to version 1.1 or later.