CVE-2025-49877: 
WordPress vulnerability analysis and mitigation

Server-Side Request Forgery (SSRF) vulnerability was discovered in Metagauss ProfileGrid WordPress plugin affecting versions through 5.9.5.2. The vulnerability was disclosed on June 17, 2025, and has been assigned CVE-2025-49877. This security issue allows Server Side Request Forgery attacks in the ProfileGrid plugin (NVD, Patchstack).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 4.9 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N. The issue has been classified under CWE-918 (Server-Side Request Forgery). The vulnerability requires low privileges and no user interaction, though it has high attack complexity (NVD).

This vulnerability could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. The potential impact includes the discovery of sensitive information from other services running on the system. The CVSS scoring indicates low confidentiality and integrity impact, with no impact on availability (Patchstack).

The vulnerability has been patched in version 5.9.5.3 of the ProfileGrid plugin. Users are recommended to update to this version or later to remove the vulnerability (Wiz).