HIGH
mariovalney
CVE published 2026-06-18
CVE-2026-11395
The CF7 to Webhook plugin for WordPress has a critical vulnerability, CVE-2026-11395, with a CVSS score of 7.2. This Server-Side Request Forgery (SSRF) vulnerability allows unauthenticated attackers to make web requests to arbitrary locations, potentially querying and modifying internal services. The vulnerability exists in all versions up to and including 5.0.0 of the plugin. Exploitation requires a spec [truncated]