Lucene search
K

5 matches found

NVD
NVD
added 2023/05/30 8:15 a.m.25 views

CVE-2023-2287

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...

4.3CVSS4.8AI score0.00557EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/05/30 7:49 a.m.29 views

CVE-2023-2287 Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...

5AI score0.00557EPSS
Exploits2References1
CVE
CVE
added 2023/05/30 7:49 a.m.72 views

CVE-2023-2287

The vulnerability CVE-2023-2287 affects the Orbit Fox by ThemeIsle WordPress plugin prior to version 2.10.24. Root cause: the stock photo import feature does not restrict target URLs, enabling potential server-side requests (SSRF) to arbitrary URLs. Impact described in sources as SSRF; no exploit...

4.3CVSS4.6AI score0.00557EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/30 7:49 a.m.12 views

CVE-2023-2287 Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...

7.2AI score0.00557EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/04/27 12:0 a.m.11 views

WordPress Orbit Fox by ThemeIsle Plugin < 2.10.24 is vulnerable to Server Side Request Forgery (SSRF)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions 2.10.24 Fixed in 2.10.24 OWASP Top 10 A3: Sensitive Data Exposure Classification Server Side Request Forgery SSRF CVE CVE-2023-2287 Patch priority Medium CVSS severity Medium 5.5 Developer Claim ownership PSID b60604d1a545 Credits Al...

4.3CVSS6.9AI score0.00557EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder