CVE-2025-12496 | Dylan James Zephyr Project Manager Plugin up to 3.3.203 on WordPress allow_url_fopen File server-side request forgery

A vulnerability marked as critical has been reported in Dylan James Zephyr Project Manager Plugin up to 3.3.203 on WordPress. Impacted is the function allow_url_fopen. The manipulation of the argument File leads to server-side request forgery.

This vulnerability is referenced as CVE-2025-12496. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More