WordPress Oxygen Theme Server-Side Request Forgery Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in the WordPress Oxygen theme, specifically in versions through 6.0.8. This vulnerability allows attackers to manipulate the server into making requests to arbitrary domains, potentially leading to the exposure of sensitive information from other services running on the system.

Impact

Exploitation of this vulnerability could allow a malicious actor to cause a website to make requests to an arbitrary domain of their choice, potentially leading to the discovery of sensitive information from other services on the server.

Remediation

Users are advised to deactivate the Oxygen theme and replace it with a different one, as this theme is unlikely to receive further updates or patches. However, deactivating the theme does not remove the security threat unless Patchstack's mitigation rule is applied.