Approved changes feed: RSS · Atom
cpe:2.3:a:themeisle:orbitfox:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Themeisle (952ca4ef-81b0-5b76-b2cc-d8cf654b2d29) |
|---|---|
| Product | Orbitfox (a3168329-ce23-5d19-acfd-28100660d1c6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/codeinwp/themeisle-companion |
purl2cpe | 2026-06-01 10:11:57.016763 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-2287 |
vulnerable | 2026-06-03 14:51:42.634161 |
Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.
Published: 2023-05-30T07:49:17.119Z
Updated: 2025-01-10T20:55:53.771Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.