CVE-2023-2287
Orbit Fox < 2.10.24 - Author+ Server-Side Request ForgeryThe Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.
We have discovered 16,146 live websites that are affected by CVE-2023-2287.
Affected Software
| Product |  OrbitFox |
| Category | Wordpress Plugins |
| Vulnerable Domains | 16,146 live websites (74.51% of OrbitFox install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 122 versions ( 77.71% of all versions) |
Common Weakness Enumeration
CWE-918 Server-Side Request Forgery (SSRF)Details
- Published - May 30, 2023
- Updated - Jan 10, 2025
Credits
- Alex Sanford (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-2287 usage by Country
 United States | 4,070 websites |
 Germany | 1,963 websites |
 France | 1,643 websites |
 Poland | 839 websites |
 Netherlands | 609 websites |
 GB | 528 websites |
 Japan | 507 websites |
 Spain | 445 websites |
 Italy | 431 websites |
 Russia | 413 websites |
CVE-2023-2287 usage by TLD
| .com | 5,755 websites |
| .de | 939 websites |
| .org | 807 websites |
| .pl | 708 websites |
| .fr | 706 websites |
| .nl | 614 websites |
| .co.uk | 396 websites |
| .it | 354 websites |
| .net | 347 websites |
| .ru | 325 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-2287
Top websites that are affected by CVE-2023-2287. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com |  Korea, South | **,*** | |
| *******.com | Germany | **,*** | |
| ***************.org | United States | ***,*** | |
| *****************.com | United States | ***,*** | |
| *******.com |  Cyprus | ***,*** | |
| *********.com |  Canada | ***,*** | |
| **********************.org | United States | ***,*** | |
| ***********.fr | France | ***,*** | |
| ***********.com |  Argentina | ***,*** | |
| *********.cz |  Czech Republic | ***,*** |
FAQ
CVE-2023-2287 is Server-Side Request Forgery (SSRF) in OrbitFox
A total of 16,146 websites have been identified as vulnerable to CVE-2023-2287, discovered through global website indexing conducted by WebTechSurvey.
OrbitFox is susceptible to CVE-2023-2287 vulnerability.
OrbitFox versions before 2.10.24 are vulnerable to CVE-2023-2287.
Version 2.10.24 of OrbitFox addresses the CVE-2023-2287 security vulnerability.