CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

We have discovered 6,951,576 live websites that are affected by CWE-918.

Available Reports

Website List

CVEs

Count - 158

CWE References

cwe.mitre.org

Website Distribution by Country

Number of websites using CWE-918

United States	1,646,462 websites

Germany	1,205,350 websites
France	392,698 websites
Japan	351,194 websites
Netherlands	293,374 websites
Russia	245,925 websites
GB	233,719 websites
Italy	218,990 websites
Poland	137,895 websites
Spain	136,963 websites

Website Distribution by TLD

Number of websites using CWE-918

.com	2,600,690 websites
.de	779,500 websites
.org	289,695 websites
.nl	268,556 websites
.net	223,871 websites
.ru	206,551 websites
.it	165,561 websites
.fr	149,248 websites
.co.uk	147,725 websites
.pl	108,541 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-918

Discovered	CVE	Description	Websites
Oct, 2025	CVE-2025-10735	Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery	92
Sep, 2025	CVE-2025-53461	WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability	154
Sep, 2025	CVE-2025-58962	WordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) Vulnerability	188
Sep, 2025	CVE-2025-9862	Ghost 6.0.6 - SSRF via oEmbed Bookmark	7,035
Sep, 2025	CVE-2025-47437	WordPress LiteSpeed Cache plugin <= 7.0.1 - Server Side Request Forgery (SSRF) vulnerability	351,708
Sep, 2025	CVE-2025-49430	WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability	299
Sep, 2025	CVE-2025-8085	Ditty < 3.1.58 - Unauthenticated SSRF	16,566
Sep, 2025	CVE-2025-43763	A server-side request forgery (SSRF) vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3....	72
Sep, 2025	CVE-2025-58829	WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One Plugin <= 2.2.6 - Server Side Request Forgery (SSRF) Vulnerability	50
Sep, 2025	CVE-2025-58615	WordPress WP Bannerize Pro Plugin <= 1.10.0 - Server Side Request Forgery (SSRF) Vulnerability	409

The most widespread CVEs

List of the most common CVEs that are part of CWE-918

Discovered	CVE	Description	Websites
Jul, 2025	CVE-2024-43204	Apache HTTP Server: SSRF with mod_headers setting Content-Type header	2,443,002
Jul, 2025	CVE-2024-43394	Apache HTTP Server: SSRF on Windows due to UNC paths	2,443,002
Jul, 2025	CVE-2025-1220	Null byte termination in hostnames	1,901,072
Jul, 2024	CVE-2024-38472	Apache HTTP Server on WIndows UNC SSRF	1,836,707
Dec, 2022	CVE-2022-3590	WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding	1,812,530
Jul, 2024	CVE-2024-40898	Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows	1,468,426
Sep, 2021	CVE-2021-40438	mod_proxy SSRF	1,033,403
Sep, 2025	CVE-2025-47437	WordPress LiteSpeed Cache plugin <= 7.0.1 - Server Side Request Forgery (SSRF) vulnerability	351,708
Jul, 2024	CVE-2024-4260	CoBlocks < 3.1.12 - Contributor+ SSRF	158,691
Feb, 2025	CVE-2024-13695	Enfold <= 6.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery via attachment_id	132,801

Websites affected by CWE-918

Top websites that are affected by CWE-918. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*********.com	United States	**
*******.com	Singapore	***
************.org	Singapore	***
********.com	United States	***
*****************.com	United States	***
****.br	Brazil	***
**********.com	United States	***
*****.net	Singapore	***
**.****.com	Singapore	***
***********..*..**********.net	United States	***

See full domain list