Title: Patchstack SSRF vulnerability Last modified: June 24, 2025 --- # Patchstack SSRF vulnerability * Resolved [Ken Gagne](https://wordpress.org/support/users/kgagne/) * (@kgagne) * [11 months, 2 weeks ago](https://wordpress.org/support/topic/patchstack-ssrf-vulnerability/) * Patchstack is reporting a potential Server Side Request Forgery (SSRF) vulnerability in PowerPress Podcasting <= 11.13.2: * > This could allow a malicious actor to cause a website to execute website requests > to an arbitrary domain of the attacker. This could allow a malicious actor > to find sensitive information of other services running on the system. > [CVE-2025-49984](https://patchstack.com/database/wordpress/plugin/powerpress/vulnerability/wordpress-powerpress-podcasting-plugin-11-12-11-server-side-request-forgery-ssrf-vulnerability?_a_id=431) Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Support [Mike Dell](https://wordpress.org/support/users/benzoid/) * (@benzoid) * [11 months, 2 weeks ago](https://wordpress.org/support/topic/patchstack-ssrf-vulnerability/#post-18526361) * Would be nice if Patchstack would let us know. We are looking into it as we just heard about it as well. * Thread Starter [Ken Gagne](https://wordpress.org/support/users/kgagne/) * (@kgagne) * [11 months, 2 weeks ago](https://wordpress.org/support/topic/patchstack-ssrf-vulnerability/#post-18526405) * Thanks! * > Would be nice if Patchstack would let us know. * Based on [their d](https://docs.patchstack.com/faq-troubleshooting/pricing-plans/does-patchstack-have-a-free-version/?_gl=1*abppqn*_up*MQ..*_ga*MTMzNjg5ODk3Mi4xNzUwNzc3MDU3*_ga_V3Z4NFMXH9*czE3NTA3NzcwNTckbzEkZzEkdDE3NTA3NzcwNjkkajQ4JGwwJGgw#for-wordpress) [o](https://docs.patchstack.com/faq-troubleshooting/pricing-plans/does-patchstack-have-a-free-version/#for-wordpress) [cs](https://docs.patchstack.com/faq-troubleshooting/pricing-plans/does-patchstack-have-a-free-version/?_gl=1*abppqn*_up*MQ..*_ga*MTMzNjg5ODk3Mi4xNzUwNzc3MDU3*_ga_V3Z4NFMXH9*czE3NTA3NzcwNTckbzEkZzEkdDE3NTA3NzcwNjkkajQ4JGwwJGgw#for-wordpress), it sounds like there’s a plugin for that! * Plugin Support [Mike Dell](https://wordpress.org/support/users/benzoid/) * (@benzoid) * [11 months, 2 weeks ago](https://wordpress.org/support/topic/patchstack-ssrf-vulnerability/#post-18526506) * They are supposed to reach out to the developer before publicly announcing bugs. * Plugin Support [Mike Dell](https://wordpress.org/support/users/benzoid/) * (@benzoid) * [11 months, 2 weeks ago](https://wordpress.org/support/topic/patchstack-ssrf-vulnerability/#post-18530302) * Patchstack hasn’t cleared the issue. 🙁 Sadly they are slow. * Plugin Support [Mike Dell](https://wordpress.org/support/users/benzoid/) * (@benzoid) * [11 months, 1 week ago](https://wordpress.org/support/topic/patchstack-ssrf-vulnerability/#post-18538482) * We fixed it as far as we know at this point. Patchstack has been very slow at communicating with us on what they are finding. * I’m assured by my dev team that the bug they are reporting is fixed and even if it isn’t, it’s a very obscure and minor issue. Unfortunately, we are kind of at their mercy here 🙁 Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Patchstack SSRF vulnerability’ is closed to new replies. * ![](https://ps.w.org/powerpress/assets/icon.svg?rev=2849869) * [PowerPress Podcasting plugin by Blubrry](https://wordpress.org/plugins/powerpress/) * [Frequently Asked Questions](https://wordpress.org/plugins/powerpress/#faq) * [Support Threads](https://wordpress.org/support/plugin/powerpress/) * [Active Topics](https://wordpress.org/support/plugin/powerpress/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/powerpress/unresolved/) * [Reviews](https://wordpress.org/support/plugin/powerpress/reviews/) * 6 replies * 5 participants * Last reply from: [Mike Dell](https://wordpress.org/support/users/benzoid/) * Last activity: [11 months, 1 week ago](https://wordpress.org/support/topic/patchstack-ssrf-vulnerability/#post-18538482) * Status: resolved