5 matches found
CVE-2023-2287
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...
CVE-2023-2287 Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...
CVE-2023-2287
The vulnerability CVE-2023-2287 affects the Orbit Fox by ThemeIsle WordPress plugin prior to version 2.10.24. Root cause: the stock photo import feature does not restrict target URLs, enabling potential server-side requests (SSRF) to arbitrary URLs. Impact described in sources as SSRF; no exploit...
CVE-2023-2287 Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...
WordPress Orbit Fox by ThemeIsle Plugin < 2.10.24 is vulnerable to Server Side Request Forgery (SSRF)
Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions 2.10.24 Fixed in 2.10.24 OWASP Top 10 A3: Sensitive Data Exposure Classification Server Side Request Forgery SSRF CVE CVE-2023-2287 Patch priority Medium CVSS severity Medium 5.5 Developer Claim ownership PSID b60604d1a545 Credits Al...