Close Menu
    Subscribe
    Alerts

    CVE-2025-12886 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

    PUBLISHED Reserved 2025-11-07 | Published 2026-03-28 | Updated 2026-03-28 | Assigner Wordfence

    HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

    Problem types

    CWE-918 Server-Side Request Forgery (SSRF)

    Product status

    Default status
    unaffected

    * (semver)
    affected

    Timeline

    2026-03-27: Disclosed

    Credits

    Ahmed Rayen Ayari finder

    References

    www.wordfence.com/…-8a4d-40fa-890c-387c787a3b55?source=cve

    documentation.laborator.co/kb/oxygen/oxygen-release-notes/

    cve.org (CVE-2025-12886)

    nvd.nist.gov (CVE-2025-12886)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.