WordPress SmartRemote Module Allows Unauthorized URL Loading

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

WordPress SmartRemote Module Allows Unauthorized URL Loading

CVE-2025-15509

Summary

The WordPress SmartRemote module does not properly control which URLs it loads, which could potentially expose sensitive information. This issue allows an attacker to access unauthorized content. Update the module to ensure it only loads trusted URLs to prevent this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
vivo	smartremote_module	<= 5.1.2.0	–

Original title

The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.

Original description

The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.

nvd CVSS4.0 7.1

Vulnerability type

CWE-306 Missing Authentication for Critical Function

https://www.vivo.com/en/support/security-advisory-detail?id=20

Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026