cleantalk
Vulnerabilities and Security Researches

Orbit Fox by ThemeIsle, CVE-2025-10874

CVE, Research URL

CVE-2025-10874

Home page URL

Security reports for Orbit Fox by ThemeIsle

Application

Orbit Fox by ThemeIsle

Published on
Oct 24, 2025
Research Description
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.
Affected versions
max 3.0.2.
Status
vulnerable
Previous vulnerability researches
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2024-12738) , Jan 09, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2024-6366) , Jul 30, 2024
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-4671) , Jun 15, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-13054) , Dec 04, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-2314) , Apr 17, 2025
New vulnerability
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-13054) , Dec 04, 2025
Visualizer: Tables and Charts Manager for WordPress (CVE-2025-12483) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-12045) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-10874) , Dec 04, 2025
SM CountDown Widget (CVE-2025-11880) , Nov 14, 2025