CVE-2025-10874
📋 TL;DR
This CVE describes a server-side request forgery (SSRF) vulnerability in the Orbit Fox WordPress plugin. Attackers can force the WordPress server to make arbitrary HTTP requests to internal or external systems. All WordPress sites using vulnerable versions of Orbit Fox are affected.
💻 Affected Systems
- Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker could access internal services, exfiltrate sensitive data from internal networks, or use the server as a proxy for attacks against other systems.
Likely Case
Information disclosure from internal services, scanning of internal networks, or limited data exfiltration.
If Mitigated
Limited impact if network segmentation restricts internal access and external requests are filtered.
🎯 Exploit Status
Requires authenticated user with appropriate permissions. Exploitation requires understanding of SSRF techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.2
Vendor Advisory: https://wpscan.com/vulnerability/171ba43f-55b6-471d-af0a-be553baf639a/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Orbit Fox plugin. 4. Click 'Update Now' if update available. 5. Alternatively, download version 3.0.2+ from WordPress repository and replace plugin files.
🔧 Temporary Workarounds
Disable stock photo import feature
allRemove or restrict access to the vulnerable functionality
Restrict user permissions
allLimit stock photo import capabilities to trusted administrators only
🧯 If You Can't Patch
- Implement network egress filtering to restrict outbound connections from WordPress server
- Deploy web application firewall (WAF) with SSRF protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Orbit Fox > Version. If version is below 3.0.2, system is vulnerable.Check Version:
wp plugin list --name=themeisle-companion --field=versionVerify Fix Applied:
Confirm Orbit Fox plugin version is 3.0.2 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from WordPress server
- Requests to internal IP addresses or unusual domains from plugin functionality
Network Indicators:
- HTTP traffic from WordPress server to unexpected internal services
- Outbound requests to unusual external domains
SIEM Query:
source="wordpress-logs" AND (uri="/wp-admin/admin-ajax.php" OR uri CONTAINS "orbit-fox") AND (dest_ip IN [RFC1918] OR dest_domain NOT IN [allowed-domains])