Server-Side Request Forgery Vulnerability in WP Compress for MainWP Product by WordPress
CVE-2025-31076

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: WP Compress For MainWP
Vendor: CVE Published:; 28 March 2025

What is CVE-2025-31076?

The WP Compress plugin for MainWP is susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This flaw allows an attacker to manipulate server requests, potentially accessing sensitive information and services within the server environment. Affected versions range from n/a to 6.30.03, posing a significant risk to users if not addressed. It is crucial for website administrators using this plugin to implement security measures and patch their installations promptly.

Affected Version(s)

WP Compress for MainWP <= 6.30.03

References

https://patchstack.com/database/wordpress/plugin/wp-compr...

vdb-entry

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

theviper17 (Patchstack Alliance)