Lucene search
WPScanCVELIST:CVE-2023-2287HistoryMay 30, 2023 - 7:49 a.m.
CVE-2023-2287 Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery
2023-05-3007:49:17
WPScan
www.cve.org
cve-2023-2287
orbit fox
themeisle
wordpress
plugin
ssrf
vulnerability
server-side request forgery
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Orbit Fox by ThemeIsle",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.10.24"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cve
cve
CVE-2023-2287
2023-05-30 08:15:10
nvd
nvd
CVE-2023-2287
2023-05-30 08:15:10
openvas
openvas
WordPress Orbit Fox by ThemeIsle Plugin < 2.10.24 SSRF Vulnerability
2023-06-19 00:00:00
prion
prion
Server side request forgery (ssrf)
2023-05-30 08:15:00
wpexploit
wpexploit
Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery
2023-05-02 00:00:00
wpvulndb
wpvulndb
Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery
2023-05-02 00:00:00