CVE-2026-0807

Name of the Vulnerable Software and Affected Versions Frontis Blocks versions prior to 1.1.7

Description The Frontis Blocks plugin for WordPress is susceptible to Server-Side Request Forgery. This is caused by inadequate restriction of the url parameter within the template proxy function. This allows unauthenticated attackers to initiate web requests to arbitrary locations from the web application. The affected API endpoints are '/template-proxy/' and '/proxy-image/'.

Recommendations Update Frontis Blocks to version 1.1.7 or later.