CVE-2025-13174

Summary

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

Affected Software

VendorProductVersion RangeStatus
rachelosWeRSS we-mp-rss1.4.0affected
rachelosWeRSS we-mp-rss1.4.1affected
rachelosWeRSS we-mp-rss1.4.2affected
rachelosWeRSS we-mp-rss1.4.3affected
rachelosWeRSS we-mp-rss1.4.4affected
rachelosWeRSS we-mp-rss1.4.5affected
rachelosWeRSS we-mp-rss1.4.6affected
rachelosWeRSS we-mp-rss1.4.7affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References