https://feed.craftedsignal.io/tags/oxygen-theme/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSat, 28 Mar 2026 04:16:49 +0000https://feed.craftedsignal.io/briefs/2026-03-oxygen-theme-ssrf/Sat, 28 Mar 2026 04:16:49 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-oxygen-theme-ssrf/The Oxygen Theme for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to 6.0.8, allowing unauthenticated attackers to make arbitrary web requests via the laborator_calc_route AJAX action.<p>The Oxygen Theme WordPress plugin, versions 6.0.8 and earlier, contains a Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-12886). This flaw allows unauthenticated attackers to send crafted requests to the WordPress server, potentially forcing it to make outbound connections to internal or external resources. The vulnerability is located within the <code>laborator_calc_route</code> AJAX action. By exploiting this, attackers can potentially access sensitive internal resources, bypass firewall…</p> highadvisoryssrfwordpressoxygen-themecve-2025-12886