CVE-2025-12886
🟡 Monitoruj
Podatność na atak typu Server-Side Request Forgery w motywie Oxygen Theme pozwala na nieautoryzowane zapytania.
CVSS
7.2
EPSS
0.1%
Exploit
none
Vendor
Opis źródłowy (NVD)
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
ssrf
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.2 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.1% |
| Opublikowano (NVD) | 2026-03-28 04:16:49 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-24 16:36:24 UTC |
Referencje
- https://documentation.laborator.co/kb/oxygen/oxygen-release-notes/ (security@wordfence.com)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8c83f430-8a4d-40fa-890c-387c787a3b55?source=cve (security@wordfence.com)