28 matches found
CVE-2025-10874
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user m...
WordPress plugin Orbit Fox security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-10874
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user m...
EUVD-2025-35800
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user m...
CVE-2025-10874
The connected Red Hat entry confirms CVE-2025-10874 affects Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More for WordPress and is due to an unrestricted URL in the stock photo import feature that enables server-side request forgery (SSRF) by forcing the serve...
CVE-2025-10874 Orbit Fox < 3.0.2 - Author+ Server-Side Request Forgery
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user m...
EUVD-2022-31473
Malicious code in bioql PyPI...
CVE-2023-2287
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...
CVE-2023-2287
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...
Server-side request forgery (SSRF)
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...
WordPress plugin Orbit Fox by ThemeIsle code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability previously exist...
PT-2023-18742 · Themeisle · Orbit Fox
Name of the Vulnerable Software and Affected Versions: Orbit Fox by ThemeIsle WordPress plugin versions prior to 2.10.24 Description: The issue allows users to specify arbitrary URLs for the stock photo import feature, leading to a server-side request forgery. This enables users to force the serv...
Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery
The plugin does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing. PoC 1. Install the Log HTTP Requests plugin to inspec...
The vulnerability of the Windows Photo Import API of the Microsoft Windows operating system allows a perpetrator to gain unauthorized access to protected information and enhance their privileges.
The vulnerability of the Windows Photo Import API of the Microsoft Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and increase their privileges...
CVE-2022-26928
Windows Photo Import API Elevation of Privilege Vulnerability...
CVE-2022-26928
Windows Photo Import API Elevation of Privilege Vulnerability...
CVE-2022-26928
Windows Photo Import API Elevation of Privilege Vulnerability...
Privilege escalation
Windows Photo Import API Elevation of Privilege Vulnerability...
CVE-2022-26928 Windows Photo Import API Elevation of Privilege Vulnerability
...
CVE-2022-26928 Windows Photo Import API Elevation of Privilege Vulnerability
...