cleantalk
Vulnerabilities and Security Researches

Orbit Fox by ThemeIsle, CVE-2025-10874

CVE, Research URL

CVE-2025-10874

Home page URL

Security reports for Orbit Fox by ThemeIsle

Application

Orbit Fox by ThemeIsle

Published on
Oct 24, 2025
Research Description
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.
Affected versions
max 3.0.2.
Status
vulnerable
Previous vulnerability researches
PHP Compatibility Checker , Aug 21, 2025
PHP Compatibility Checker (CVE-2023-24421) , Jun 07, 2024
New vulnerability
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-13054) , Dec 04, 2025
Visualizer: Tables and Charts Manager for WordPress (CVE-2025-12483) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-12045) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-10874) , Dec 04, 2025
SM CountDown Widget (CVE-2025-11880) , Nov 14, 2025