Themes Vulnerabilities

Foxiz < 2.3.6 - Unauthenticated Server-Side Request Forgery

Description

The Foxiz theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

Affects Themes

foxiz
Fixed in 2.3.6

References

CVE
CVE-2024-37260
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5c6ac166-d8ad-4ee0-b637-91816cb41eca

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Kursat Cetin
Verified
No
WPVDB ID
457ae7e7-83d4-41d2-98dd-56ec1351a19d

Timeline

Publicly Published
2024-06-27 (about 1 year ago)
Added
2024-07-03 (about 1 year ago)
Last Updated
2024-07-03 (about 1 year ago)

Other

Published
Title
Published
2024-05-22
Title
WPCafe < 2.2.24 - Unauthenticated Blind Server-Side Request Forgery
Published
2025-09-26
Title
Icegram Express Pro < 5.9.6 - Authenticated (Admin+) Server-Side Request Forgery
Published
2023-07-26
Title
Assistant < 1.4.4 - Editor+ SSRF
Published
2020-11-30
Title
Canto < 3.0.9 - Unauthenticated Blind SSRF
Published
2019-04-27
Title
Print My Blog <= 1.6.5 - Unauthenticated Server Side Request Forgery (SSRF)