The WP Optin Wheel plugin for WordPress, developed by Wombat Plugins, contains a Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2025-31824. This affects versions up to 1.4.7. SSRF vulnerabilities allow attackers to make the server perform unauthorized requests, which can lead to information disclosure or manipulation of data. The CVSS 3.1 base score is 5.4, reflecting a medium severity with network attack vector, high attack complexity, no privileges required, no user interaction, and impacts on confidentiality and integrity but not availability. There is no vendor advisory or patch link provided, and the product is not a cloud service, so remediation responsibility lies with the user or administrator.

Successful exploitation of this SSRF vulnerability could allow an attacker to cause the server hosting WP Optin Wheel to make unintended requests, potentially exposing internal resources or sensitive information. The impact is limited to partial loss of confidentiality and integrity, with no impact on availability. There are no known exploits in the wild, indicating limited active threat at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or workaround information is provided, users should monitor the vendor's communications for updates. Until a fix is available, consider restricting outbound server requests from the affected environment as a temporary mitigation if feasible.