Vulnerability Description
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by calling getimagesize() first, then later retrieves the same URL using file_get_contents(). This makes it possible for unauthenticated attackers to exploit the timing gap to perform SSRF attacks by serving a valid image during validation, then changing the response to redirect to arbitrary internal or external URLs during the actual fetch.
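The check-then-fetch pattern the description refers to, next to a hardened variant that fetches once and validates the bytes it actually received, as an added illustration written for this page (hypothetical code, not the plugin's own and not the vendor's fix; function names, the size limit and the port handling are assumptions):

```php
<?php
// Added illustration for this advisory, not the plugin's own code.
// Function names, the download size limit and the port handling are assumptions.

// Check-then-fetch, as the advisory describes it: two independent requests,
// so the host that answered the first is free to answer the second differently.
function fetch_image_toctou(string $url): ?string
{
    if (getimagesize($url) === false) {   // request 1: validated as an image
        return null;
    }
    return file_get_contents($url);       // request 2: may now be a redirect or anything else
}

// One request, pinned to a pre-checked address, then validation of the bytes received.
function fetch_image_hardened(string $url, int $maxBytes = 5000000): ?string
{
    $p = parse_url($url);
    $scheme = strtolower($p['scheme'] ?? '');
    if (!$p || !in_array($scheme, ['http', 'https'], true) || empty($p['host'])) {
        return null;
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Resolve once (IPv4 only; unresolvable or IPv6-only hosts fail closed) and
    // refuse private, loopback, link-local and reserved ranges.
    $ip = gethostbyname($p['host']);
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
        return null;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,                         // a redirect is a failure, not a new target
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$p['host']}:{$port}:{$ip}"], // connect to the address that was checked
        CURLOPT_MAXFILESIZE    => $maxBytes,                      // honoured when Content-Length is sent
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200 || strlen($body) > $maxBytes) {
        return null;
    }
    // Validate what was downloaded, not what a separate request said earlier.
    return getimagesizefromstring($body) === false ? null : $body;
}
```

Pinning the connection with CURLOPT_RESOLVE also closes the DNS-rebinding variant of the same race, where the hostname resolves differently between the check and the fetch.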
CVSS Score
6.5 (MEDIUM)
Related Weaknesses (CWE)
References
- https://support.fancyproductdesigner.com/support/discussions/topics/13000036024
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c56ec6ae-5b75-4cbb-aed
FAQ
What is CVE-2025-13231?
CVE-2025-13231 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condi...
How severe is CVE-2025-13231?
CVE-2025-13231 has been rated MEDIUM with a CVSS base score of 6.5/10; see the CVSS Score section above.
Is there a patch for CVE-2025-13231?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.