Server-Side Request Forgery Vulnerability in Snow Monkey Theme by WordPress
CVE-2025-10137

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Snow Monkey
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-10137?

The Snow Monkey theme for WordPress is susceptible to a Server-Side Request Forgery (SSRF) flaw that affects all versions up to and including 29.1.5. This vulnerability arises from the request() function, which allows unauthenticated attackers to send web requests to arbitrary locations directly from the web application. This capability can potentially be exploited to access and manipulate sensitive information from internal services.

Affected Version(s)

Snow Monkey 29.1.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://github.com/inc2734/wp-oembed-blog-card

https://github.com/inc2734/wp-oembed-blog-card/blob/maste...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 8, 2025

Credit

Yuya Kotake

JSON