CVE-2025-67623 MEDIUM

CVE-2025-67623: WordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerability

Vendor 6Storage

Product 6Storage Rentals

Weakness CWE-918 · SSRF

Published December 24, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.22.0.

Key dates

02Disclosure timeline

December 24, 2025 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-67623

Related vulnerabilities

04Related CVE

CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration CVE-2026-43526 OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling CVE-2024-38758 WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability CVE-2023-22817 Server-side Request Forgery vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products CVE-2026-33024 AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator