Vulnerabilities > CVE-2023-2287 - Unspecified vulnerability in Themeisle Orbitfox

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

themeisle

NVD

Published: 2023-05-30

Updated: 2023-11-07

Summary

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.

Vulnerable Configurations

Part	Description	Count
Application	Themeisle Themeisle Orbitfox *	1

References

https://wpscan.com/vulnerability/1b36a184-2138-4a65-8940-07e7764669bb