CVE-2025-31824: 
WordPress vulnerability analysis and mitigation

A Server-Side Request Forgery (SSRF) vulnerability was discovered in Wombat Plugins WP Optin Wheel, affecting versions through 1.4.7. The vulnerability was initially reported on January 2, 2025, and was publicly disclosed on April 1, 2025. The security issue was identified by researcher Marek Mikita (Patchstack).

The vulnerability has been assigned CVE-2025-31824 and is classified as CWE-918 (Server-Side Request Forgery). It received a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N, indicating network accessibility with high attack complexity, no privileges required, and no user interaction needed (NVD).

The vulnerability could allow a malicious actor to cause a website to execute website requests to arbitrary domains. This could potentially lead to the discovery of sensitive information from other services running on the system (Patchstack).

The vulnerability has been fixed in version 1.4.8 of the WP Optin Wheel plugin. Users are advised to update to version 1.4.8 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).