
Cloud Vulnerability DB
A community-led vulnerabilities database
A Server-Side Request Forgery (SSRF) vulnerability was discovered in LiteSpeed Technologies' LiteSpeed Cache WordPress plugin, tracked as CVE-2025-47437. The vulnerability affects versions through 7.0.1 and was disclosed on May 7, 2025. The issue was initially reported by security researcher TaiYou on September 13, 2024 (Patchstack).
The vulnerability has been assigned a CVSS v3 base score of 6.4 (Medium), with an impact score of 2.7 and an exploitability score of 3.1. The attack vector is network, attack complexity is low, low privileges are required, and no user interaction is needed. The scope is changed, with low impact on both confidentiality and integrity (AttackerKB).
The SSRF vulnerability could allow authenticated attackers with Editor-level access to make web requests to arbitrary locations originating from the web application. This capability could be used to query and modify information from internal services, potentially exposing sensitive information about other services running on the system (WPScan).
The vulnerability has been patched in version 7.1 of the LiteSpeed Cache plugin. Users are advised to update to version 7.1 or later to remove the vulnerability. The fix was released on May 7, 2025 (Patchstack).
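To find hosts that still run an affected release, the following added example (not code from the advisory or from the plugin's authors) walks a directory tree, reads the "Version:" header of each LiteSpeed Cache copy, and flags anything below 7.1. The install path wp-content/plugins/litespeed-cache/litespeed-cache.php and the function names are assumptions of this example.

```python
import re
import sys
from pathlib import Path

FIXED = (7, 1, 0)  # 7.1 is the patched release named in the advisory
# Assumption: the plugin sits at its usual slug and main-file name.
PLUGIN_GLOB = "wp-content/plugins/litespeed-cache/litespeed-cache.php"
# WordPress takes the version from a "Version:" line in the header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)


def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = HEADER_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True for anything below 7.1; short versions are zero-padded first."""
    padded = (tuple(version) + (0, 0, 0))[:3]
    return padded < FIXED


def scan(root):
    """Return (path, version, status) for every plugin copy under root."""
    results = []
    for path in sorted(Path(root).rglob(PLUGIN_GLOB)):
        # Only the start of the file is needed; the header sits at the top.
        head = path.read_text(errors="replace")[:8192]
        version = parse_version(head)
        if version is None:
            status = "unknown"  # header missing or altered: check by hand
        elif is_affected(version):
            status = "affected"
        else:
            status = "patched"
        label = ".".join(map(str, version)) if version else "?"
        results.append((str(path), label, status))
    return results


if __name__ == "__main__":
    findings = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, label, status in findings:
        print(f"{status:9} {label:10} {path}")
    # Non-zero exit lets a cron job or CI step alert on unpatched sites.
    sys.exit(1 if any(s != "patched" for _, _, s in findings) else 0)
```

A status of "unknown" means the header could not be read and the site should be checked manually rather than assumed patched.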
Source: This report was generated using AI