CVE-2025-53461 MEDIUM

CVE-2025-53461: WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability

Vendor Binsaifullah

Product Beaf

Weakness CWE-918 · SSRF

Published September 22, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

4.4/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf image-compare-block allows Server Side Request Forgery.This issue affects Beaf: from n/a through <= 1.6.2.

Key dates

02Disclosure timeline

September 22, 2025 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53461

Related vulnerabilities

04Related CVE

CVE-2024-1233 Eap: wildfly-elytron has a ssrf security issue CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery CVE-2025-0480 wuzhicms config.php test server-side request forgery CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF) CVE-2026-44578 Next.js: Server-side request forgery in applications using WebSocket upgrades