The vulnerability identified as CVE-2025-62088 involves a Server-Side Request Forgery (SSRF) flaw in the extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (wp_scraper). Versions up to 1.0.7 are affected. SSRF vulnerabilities allow attackers to make the server perform HTTP requests to arbitrary domains, which can lead to information disclosure or interaction with internal systems. The CVSS 3.1 base score is 5.4, reflecting a medium impact with network attack vector, high attack complexity, no privileges required, no user interaction, and partial confidentiality and integrity impact. No patch or official remediation guidance is currently provided by the vendor or other authoritative sources.

An attacker exploiting this SSRF vulnerability could cause the affected server to send crafted requests to internal or external systems, potentially leading to partial disclosure of sensitive information or manipulation of data integrity. The vulnerability does not allow direct denial of service or full system compromise based on the CVSS vector. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or restricting the use of the affected plugin, especially in environments where SSRF risks are critical. Monitor vendor channels for updates and apply patches promptly once available.