CVE-2025-3775: 
WordPress vulnerability analysis and mitigation

CVE-2025-3775 affects the ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules plugin for WordPress, specifically versions up to and including 3.1.2. The vulnerability was discovered and reported by Wordfence, with the initial disclosure date being April 25, 2025 (NVD).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) issue, identified in the woolentor_template_proxy function. The CVSS v3.1 base score is 6.5 (MEDIUM), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. The vulnerable code is located in the Admin.php file, where insufficient validation of URL parameters allows for potential SSRF attacks (WordPress Plugin).

The vulnerability enables unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This capability can be exploited to query and modify information from internal services, potentially exposing sensitive data or internal systems to unauthorized access (NVD).

Website administrators running affected versions of the ShopLentor plugin should update to a version newer than 3.1.2 as soon as it becomes available. Until then, consider disabling the plugin if it's not critical to website operations (NVD).