Andreas Klöbl

**Name of the Vulnerable Software and Affected Versions** OnAir2 WordPress theme versions prior to 3.9.9.2 QT KenthaRadio WordPress plugin versions prior to 2.0.2 **Description** The issue allows unauthenticated users to exploit exposed proxy functionality, enabling them to send requests that have the web server fetch and display content from any URI. This can lead to Server Side Request Forgery (SSRF) and Remote File Inclusion (RFI) vulnerabilities on the website. **Recommendations** For OnAir2 WordPress theme versions prior to 3.9.9.2, update to version 3.9.9.2 or later. For QT KenthaRadio WordPress plugin versions prior to 2.0.2, update to version 2.0.2 or later. As a temporary workaround, consider disabling the exposed proxy functionality until a patch is available.