CVE-2025-57943 MEDIUM

CVE-2025-57943: WordPress Skimlinks Affiliate Marketing Tool plugin <= 1.3.1 - Server Side Request Forgery (SSRF) vulnerability

Vendor Skimlinks
Product Skimlinks Affiliate Marketing Tool
Weakness CWE-918 · SSRF
Published September 22, 2025
Last update April 28, 2026

CVSS base score

4.4/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool skimlinks allows Server Side Request Forgery.This issue affects Skimlinks Affiliate Marketing Tool: from n/a through <= 1.3.1.

Explanation of Vulnerability in Simple Terms

02Summary

The Skimlinks Affiliate Marketing Tool versions 1.3.1 and earlier contain a server-side request forgery vulnerability. An authenticated administrator can craft requests that cause the tool to make HTTP requests to internal or external systems on the attacker's behalf. The impact is limited to reading non-sensitive data and making minor modifications. Scope is changed, meaning the vulnerability may affect systems beyond the tool itself.

What an attacker can do

03Attacker Capabilities

Make the site send HTTP requests to internal or external systems, potentially reading non-sensitive data or making minor changes.

Potential impact on your site

04Site Impact

An admin account holder could use this to probe your internal network or make unauthorized requests to external services.

Conditions required to exploit

05Prerequisites

Attacker must have administrator-level access to the site; no user interaction required.

Key dates

06Disclosure timeline

September 22, 2025 CVE published
April 28, 2026 Record updated