PT-2023-18742 · Themeisle · Orbit Fox
Alex Sanford · Published 2023-05-30 · Updated 2025-01-10 · CVE-2023-2287
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Orbit Fox by ThemeIsle WordPress plugin versions prior to 2.10.24
Description
The plugin allows users to specify arbitrary URLs for the stock photo import feature, which results in server-side request forgery (SSRF): a user can force the server to make requests to any URL of their choosing.
Recommendations
For versions prior to 2.10.24, update to version 2.10.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the stock photo import feature until the update is applied.
Exploit
Fix
Related Identifiers
Affected Products
Orbit Fox