Primary

Context

Oxygen WordPress Theme Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Oxygen Theme for WordPress, affecting all versions through 6.0.8. The vulnerability arises in the laborator_calc_route AJAX action, allowing unauthenticated attackers to make web requests to arbitrary locations from the web application. This could be exploited to query and modify information from internal services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make requests from the server to internal services or external systems, potentially leading to unauthorized information access or modification.

Remediation

Users are advised to update the Oxygen WordPress theme to version 6.0.9 or a newer patched version.

Added: Mar 28, 2026, 4:19 AM

Updated: Mar 28, 2026, 4:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.8

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.8

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oxygen WordPress Theme Server-Side Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating