Home > Vulnerability Database > CVE-2023-2287

Mend.io Vulnerability Database

CVE-2023-2287

Date: May 30, 2023

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.

Language: PHP

Severity Score

4.3

Related Resources (3)

Url: https://wpscan.com/vulnerability/1b36a184-2138-4a65-8940-07e7764669bb

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2287

Url: https://www.mend.io/vulnerability-database/CVE-2023-2287

Severity Score

4.3

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-2287

Date: May 30, 2023

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?