CVE-2025-10735: CWE-918 Server-Side Request Forgery (SSRF) in bplugins Block For Mailchimp – Easy Mailchimp Form Integration
The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmit_Form_Data() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information on internal services.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2025-10735 is a Server-Side Request Forgery (SSRF) vulnerability, classified as CWE-918, in the 'Block For Mailchimp – Easy Mailchimp Form Integration' WordPress plugin by bplugins. It affects all versions up to and including 1.1.12 and resides in the plugin's mcbSubmit_Form_Data() function. SSRF lets an attacker make the web server issue HTTP requests to destinations of the attacker's choosing, including internal services that are not reachable from the Internet. This instance is blind: the response from the targeted resource is not returned to the attacker, who can only infer the outcome from side effects (for example, a state change on the internal service) or from timing and error behaviour. No authentication or user interaction is required, but the CVSS vector rates attack complexity as High; the record does not say which conditions make exploitation hard, so do not assume it is trivially reachable or assume it is not. Scope is rated Changed because the components an attacker can reach (internal services) lie outside the security authority of the vulnerable plugin. The CVSS v3.1 base score is 4.0 (Medium) with vector AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N: network attack vector, high attack complexity, no privileges or user interaction required, changed scope, no confidentiality or availability impact, and limited integrity impact. At the time of this analysis the record lists no vendor patch and no known exploit, so mitigation has to be proactive. The issue matters most to organizations whose WordPress hosts can reach sensitive internal services.
Potential Impact
The primary impact of CVE-2025-10735 is that an attacker can use the vulnerable plugin to send crafted HTTP requests from the web server to arbitrary internal or external systems. This supports internal reconnaissance: services that are not exposed to the Internet, such as internal APIs, management interfaces and, on cloud hosts, the instance-metadata endpoint, become reachable from the web tier. Because the SSRF is blind, the attacker does not read responses, which is why the vector records no confidentiality impact; the limited integrity impact comes from internal services that change state on receipt of an HTTP request (unauthenticated admin actions, webhooks, cache or configuration endpoints). No authentication or user interaction is required, so every site running the plugin exposes this surface to anyone on the Internet. The Medium score reflects the high attack complexity and the limited direct impact, but a request-forging foothold inside a network is a common first step toward lateral movement, so the practical risk depends heavily on what the web server can reach. The absence of known exploits indicates that the issue has not been widely weaponized at the time of writing; it remains a meaningful risk for sites using this plugin.
Mitigation Recommendations
1. Disable or remove the 'Block For Mailchimp – Easy Mailchimp Form Integration' plugin until a fixed version is available, and update as soon as one is.
2. Restrict outbound HTTP(S) from the WordPress host to an allow-list of destinations the site actually needs (such as the WordPress.org update servers and the Mailchimp API) using host firewall rules or a forward proxy, and explicitly block loopback, link-local and RFC 1918 destinations from the web tier; this also shields cloud instance-metadata endpoints. WordPress's own WP_HTTP_BLOCK_EXTERNAL and WP_ACCESSIBLE_HOSTS constants in wp-config.php give an application-level allow-list, but they only govern requests made through the WordPress HTTP API (wp_remote_get(), wp_remote_post()), not direct curl or file_get_contents() calls, so network-level egress filtering is still required.
3. Segment the network so that internal services are not reachable from the web tier at all, which limits what any SSRF can touch.
4. Monitor in the right place: the web server's access log does not record requests the server originates, so review egress firewall or forward-proxy logs for the web host connecting to internal addresses, unexpected ports or unknown external hosts, and review the access log for form submissions that carry URLs or IP addresses in parameters that should not contain them.
5. Deploy WAF rules that inspect submissions to the plugin's form-handling request for parameters containing URLs or addresses pointing at loopback, link-local or private ranges. The advisory names the vulnerable code as mcbSubmit_Form_Data() but does not name the HTTP route that reaches it, so derive the route from the plugin source on your own install rather than guessing.
6. Apply the vendor's fix promptly once released; the record currently lists no patched version.
7. Audit the services reachable from the web server and require authentication on state-changing endpoints, since a blind SSRF can still trigger unauthenticated actions.
8. Train development and security teams on SSRF risks, in particular on validating every server-side request destination against an allow-list before the request is made.
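The two controls above that are most often done wrong are the destination allow-list (item 2) and where to look for evidence (item 4). The Python below is an added example written for this page; it is not code from the plugin, from bplugins or from the advisory, and it does not claim to show how mcbSubmit_Form_Data() works. It implements a two-layer outbound-request policy (hostname allow-list, then a check that the address actually used is not internal, with IPv4-mapped IPv6 unwrapped) and then runs the same policy over a few constructed egress-proxy log lines to show what SSRF attempts look like from the egress side. The host names, the DNS table, the log format and the log lines are all constructed; the public IP addresses are stand-ins chosen only because they are globally routable.

```python
"""Outbound-request policy and egress-log triage for SSRF (added example;
not code from the Block For Mailchimp plugin or from the advisory).
Host names, DNS answers and log lines are constructed for illustration."""
import ipaddress
import re
from urllib.parse import urlsplit

# Hypothetical allow-list: the only hosts this site should talk to.
ALLOWED_HOSTS = {"api.wordpress.org", "us1.api.mailchimp.com"}

# Constructed DNS table so the example runs offline. The public addresses
# are stand-ins (globally routable), not the real records for these names.
FAKE_DNS = {
    "api.wordpress.org": "93.184.216.34",
    "us1.api.mailchimp.com": "104.16.2.3",
    "metadata.internal": "169.254.169.254",
    "intranet.corp": "10.0.0.5",
}


def is_internal_ip(ip: str) -> bool:
    """True for any address a server-side request must never reach:
    RFC 1918, loopback, link-local (cloud metadata is 169.254.169.254),
    multicast, unspecified and every other non-global range. IPv4-mapped
    IPv6 (::ffff:10.0.0.5) is unwrapped first so it cannot smuggle an
    internal IPv4 address past the check."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (not addr.is_global) or addr.is_multicast


def check_destination(url, allowed=ALLOWED_HOSTS, resolver=FAKE_DNS.get):
    """Return (ok, reason) for a URL the server is about to request.
    Layer 1: scheme and hostname allow-list (allowed=None disables it).
    Layer 2: the address actually used must be global, whether the URL
    carried a literal IP or a name that resolved to one."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    # .hostname drops userinfo and port, so http://good.example@10.0.0.5/
    # is judged on 10.0.0.5, not on the decoy name before the '@'.
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if allowed is not None and host not in allowed:
        return False, f"host {host!r} not on allow-list"
    try:
        ip = str(ipaddress.ip_address(host))  # literal IP in the URL
    except ValueError:
        ip = resolver(host)  # production: socket.getaddrinfo, then connect
    if ip is None:           # to *this* address, never re-resolve the name
        return False, f"host {host!r} did not resolve"
    if is_internal_ip(ip):
        return False, f"{host!r} -> {ip} is an internal address"
    return True, f"{host!r} -> {ip}"


# Constructed egress-proxy log from the web tier (assumed format:
# timestamp client method url status). These are not real logs.
EGRESS_LOG = """\
2025-10-01T03:30:01Z www-1 GET https://us1.api.mailchimp.com/3.0/lists/abc123/members 200
2025-10-01T03:30:09Z www-1 POST http://169.254.169.254/latest/meta-data/ 403
2025-10-01T03:30:11Z www-1 POST http://intranet.corp:8080/admin/reset 403
2025-10-01T03:30:12Z www-1 GET http://us1.api.mailchimp.com@10.0.0.5/ 403
2025-10-01T03:30:15Z www-1 POST https://api.wordpress.org/plugins/update-check/1.1/ 200
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def triage_egress_log(text, **policy):
    """Return (timestamp, client, url, reason) for each logged request the
    policy rejects. Read egress/proxy logs for this, not the web server's
    access log: an SSRF is the web tier originating requests, which the
    access log never records."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, client, _method, url, _status = m.groups()
        ok, reason = check_destination(url, **policy)
        if not ok:
            findings.append((ts, client, url, reason))
    return findings


if __name__ == "__main__":
    for ts, client, url, reason in triage_egress_log(EGRESS_LOG):
        print(f"{ts} {client} {url}  <- {reason}")
```

Running the module prints the three constructed log lines that violate the policy. The userinfo trick (http://allowed-host@10.0.0.5/) is caught because the check is made on the parsed hostname, and the resolver is injected so the same check can be exercised against a poisoned or rebinding DNS answer; calling triage_egress_log(EGRESS_LOG, allowed=None) turns off the allow-list and flags the same three lines purely on the internal-address layer, which is the mode to use when hunting in logs from a host whose legitimate destinations are not yet known.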
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, India, France, Brazil, Netherlands, Japan, South Africa
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-09-19T15:00:10.416Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68dca0d55d588c52e5e0c37d
Added to database: 10/1/2025, 3:32:37 AM
Last enriched: 2/27/2026, 6:37:03 PM
Last updated: 3/23/2026, 10:44:04 AM