CVE-2025-68500

Prime · Prime Slider – Addons For Elementor

Executive summary

A critical Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-68500 with a CVSS score of 9.1, has been discovered in the Prime Slider – Addons For Elementor WordPress plugin. This flaw allows an unauthenticated attacker to force the server to make web requests to arbitrary locations, including internal network services. Successful exploitation could lead to sensitive information disclosure, internal network scanning, and potential compromise of the underlying server or cloud infrastructure.

Vulnerability

The vulnerability is a Server-Side Request Forgery (SSRF) located within the Prime Slider plugin. A component of the plugin processes user-supplied input (likely a URL or part of a URL) and uses it to initiate an outbound web request from the server without proper validation. An attacker can exploit this by crafting a malicious request containing a URL that points to an internal, non-public resource. This forces the server to act as a proxy, sending requests to internal IP addresses (e.g., 127.0.0.1, 192.168.x.x), cloud metadata services (e.g., 169.254.169.254), or other sensitive endpoints accessible only from the server itself, potentially bypassing firewall rules.

Business impact

This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.1. Exploitation can lead to significant data breaches and system compromise. An attacker could leverage this SSRF flaw to scan the internal network, identify open ports and services, and exfiltrate sensitive data from internal applications, databases, or configuration files. If the server is hosted in a cloud environment, an attacker could potentially access the cloud provider's metadata service to steal access credentials, leading to a full compromise of the cloud account. The potential consequences include unauthorized access to confidential data, loss of system integrity, and severe reputational damage.

Remediation

Immediate Action: Update the "Prime Slider – Addons For Elementor" plugin to the latest version available (a version later than 4.0.10) across all relevant web applications. After patching, monitor for signs of post-exploitation activity and thoroughly review web server and application access logs for any suspicious outbound requests made prior to the update.

Proactive Monitoring: Implement monitoring on web server logs and network traffic for unusual outbound requests originating from the server. Specifically, look for requests targeting internal IP address ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or the cloud metadata service IP (169.254.169.254). Alert on any unexpected protocols or ports being used in outbound connections from the web server process.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to detect and block common SSRF payloads and requests containing internal IP addresses or specific domain patterns. Additionally, enforce strict egress filtering at the network firewall level to limit the web server's ability to initiate connections to the internal network or unknown external destinations.
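
The Proactive Monitoring check above, as an added example (not part of the original advisory or the plugin's code): it scans outbound-connection log lines for the internal ranges and metadata address the advisory names, and for unexpected ports or protocols. The log format, the process names in WEB_PROCS and the allowed ports are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Ranges named in the advisory, plus loopback (its 127.0.0.1 example).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
METADATA_IP = ipaddress.ip_address("169.254.169.254")
EXPECTED_PORTS = {80, 443}       # assumption: web server needs only HTTP(S) egress
EXPECTED_PROTOS = {"tcp"}        # assumption
WEB_PROCS = {"php-fpm", "apache2", "nginx"}  # assumption: web server process names

# Hypothetical egress log format: "<ts> <proc> OUT dst=<ip> dport=<n> proto=<p>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proc>\S+) OUT dst=(?P<dst>\S+) "
    r"dport=(?P<port>\d+) proto=(?P<proto>\w+)$")

SAMPLE_LOG = """\
2025-01-01T10:00:01Z php-fpm OUT dst=203.0.113.10 dport=443 proto=tcp
2025-01-01T10:00:02Z php-fpm OUT dst=169.254.169.254 dport=80 proto=tcp
2025-01-01T10:00:03Z php-fpm OUT dst=192.168.1.20 dport=6379 proto=tcp
2025-01-01T10:00:04Z php-fpm OUT dst=::ffff:10.0.0.5 dport=443 proto=tcp
2025-01-01T10:00:05Z sshd OUT dst=10.0.0.9 dport=22 proto=tcp
"""  # constructed sample lines, not real traffic

def classify(line):
    """Return (timestamp, destination, reasons) for a suspicious line, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["proc"] not in WEB_PROCS:
        return None  # malformed line, or not the web server process
    try:
        ip = ipaddress.ip_address(m["dst"])
    except ValueError:
        return (m["ts"], m["dst"], ["unparsable-destination"])
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is matched as IPv4.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    reasons = []
    if ip == METADATA_IP:
        reasons.append("cloud-metadata")
    elif ip.version == 4 and any(ip in net for net in INTERNAL_NETS):
        reasons.append("internal-range")
    if int(m["port"]) not in EXPECTED_PORTS:
        reasons.append("unexpected-port")
    if m["proto"] not in EXPECTED_PROTOS:
        reasons.append("unexpected-proto")
    return (m["ts"], str(ip), reasons) if reasons else None

def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]
```

Calling `scan()` on the web server's egress log returns one tuple per suspicious connection, which can be forwarded to whatever alerting pipeline is already in place.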

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical severity (CVSS 9.1) of this vulnerability and its potential for deep network intrusion and data exfiltration, we recommend immediate action. All instances of the "Prime Slider – Addons For Elementor" plugin must be identified and patched to the latest version without delay. Although this CVE is not currently on the CISA KEV list, its high impact makes it a prime candidate for future inclusion and a high-priority target for attackers. Organizations should treat this vulnerability with the highest priority to prevent potential compromise.