CVE-2023-2287: Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery
First published: Tue May 30 2023(Updated: )
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Themeisle Orbitfox | <2.10.24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-2287?
CVE-2023-2287 is a vulnerability in the Orbit Fox by ThemeIsle WordPress plugin that allows an attacker to force the server to access any URL of their choosing.
How does CVE-2023-2287 affect the Orbit Fox plugin?
CVE-2023-2287 allows the user to specify arbitrary URLs for the stock photo import feature in the Orbit Fox plugin, leading to a server-side request forgery vulnerability.
What is the severity of CVE-2023-2287?
The severity of CVE-2023-2287 is medium, with a severity score of 4.3.
How can I fix CVE-2023-2287?
To fix CVE-2023-2287, update the Orbit Fox by ThemeIsle WordPress plugin to version 2.10.24 or later.
Where can I find more information about CVE-2023-2287?
You can find more information about CVE-2023-2287 at the following reference link: https://wpscan.com/vulnerability/1b36a184-2138-4a65-8940-07e7764669bb
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/author
- agent/source
- vendor/themeisle
- canonical/themeisle orbitfox