A Server-Side Request Forgery (SSRF) vulnerability was found in the password recovery feature of Plane application. This vulnerability enables attackers to manipulate the email input field and insert a payload to force the server to send HTTP requests to domains controlled by the attacker.