Server-Side Request Forgery Vulnerability in LMPixels Kerge Theme
CVE-2025-67989

Currently unrated

Key Information:

Vendor

WordPress
Status
Kerge
Vendor
CVE Published:
16 December 2025

What is CVE-2025-67989?

The LMPixels Kerge Theme has a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to send unauthorized requests from the server. This vulnerability could potentially expose sensitive data and compromise the security of the website. It affects versions n/a through 4.1.3, making it crucial for users to update their theme to mitigate risks associated with this flaw.

Affected Version(s)

Kerge <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/kerge...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-67989 : Server-Side Request Forgery Vulnerability in LMPixels Kerge Theme