CVE-2023-2287

Published: May 30, 2023Modified: Jan 10, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.

Affected (1)

Products: Themeisle: Orbitfox

Themeisle

1 product

Orbitfox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Themeisle Orbitfox	Before 2.10.24

References (2)

https://wpscan.com/vulnerability/1b36a184-2138-4a65-8940-07e7764669bb

Source: contact@wpscan.com

Exploit

https://wpscan.com/vulnerability/1b36a184-2138-4a65-8940-07e7764669bb

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.