CVE-2025-57055

Published: Sep 17, 2025

Modified: Sep 17, 2025

PUBLISHED

Description

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curl_exec() without sufficient validation, allowing the attacker to force internal or external HTTP requests.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/thawphone/CVE-2025-57055

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57055

Description

Affected Products

References