WordPress Plugin Vulnerabilities

Orbit Fox < 3.0.2 - Author+ Server-Side Request Forgery

Description

The plugin does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.

Proof of Concept

Affects Plugins

Plugin icon
themeisle-companion
Fixed in 3.0.2

References

CVE
CVE-2025-10874

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
5.5 (medium)

Miscellaneous

Original Researcher
Ryan Roth
Submitter
Ryan Roth
Submitter website
https://ryanmroth.com
Verified
Yes
WPVDB ID
171ba43f-55b6-471d-af0a-be553baf639a

Timeline

Publicly Published
2025-10-03 (about 3 months ago)
Added
2025-10-03 (about 3 months ago)
Last Updated
2025-10-03 (about 3 months ago)

Other

Published
Title
Published
2024-03-13
Title
Automatic < 3.92.1 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery
Published
2025-05-07
Title
Wbcom Designs - Activity Link Preview For BuddyPress < 1.6.0 - Unauthenticated Server-Side Request Forgery
Published
2025-10-24
Title
Slider Templates <= 1.0.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2024-02-28
Title
Friends < 2.8.6 - Authenticated (Admin+) Blind Server-Side Request Forgery
Published
2025-02-24
Title
Enfold < 7.0 - Authenticated (Subscriber+) Server-Side Request Forgery via attachment_id