Server-Side Request Forgery Vulnerability in Snow Monkey Theme by WordPress
CVE-2025-10137

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Snow Monkey
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-10137?

The Snow Monkey theme for WordPress is susceptible to a Server-Side Request Forgery (SSRF) flaw that affects all versions up to and including 29.1.5. This vulnerability arises from the request() function, which allows unauthenticated attackers to send web requests to arbitrary locations directly from the web application. This capability can potentially be exploited to access and manipulate sensitive information from internal services.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Snow Monkey 29.1.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://github.com/inc2734/wp-oembed-blog-card

https://github.com/inc2734/wp-oembed-blog-card/blob/maste...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 8, 2025

Credit

Yuya Kotake

JSON

WordPress