{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/oxygen-theme/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","wordpress","oxygen-theme","cve-2025-12886"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Oxygen Theme WordPress plugin, versions 6.0.8 and earlier, contains a Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-12886). This flaw allows unauthenticated attackers to send crafted requests to the WordPress server, potentially forcing it to make outbound connections to internal or external resources. The vulnerability is located within the \u003ccode\u003elaborator_calc_route\u003c/code\u003e AJAX action. By exploiting this, attackers can potentially access sensitive internal resources, bypass firewall…\u003c/p\u003e\n","date_modified":"2026-03-28T04:16:49Z","date_published":"2026-03-28T04:16:49Z","id":"/briefs/2026-03-oxygen-theme-ssrf/","summary":"The Oxygen Theme for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to 6.0.8, allowing unauthenticated attackers to make arbitrary web requests via the laborator_calc_route AJAX action.","title":"Oxygen Theme WordPress Plugin Vulnerable to Server-Side Request Forgery (CVE-2025-12886)","url":"https://feed.craftedsignal.io/briefs/2026-03-oxygen-theme-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Oxygen-Theme","version":"https://jsonfeed.org/version/1.1"}