CVE-2025-12886 in Laborator Oxygen Plugininfo

Summary

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Responsible

Wordfence

Reservation

11/07/2025

Disclosure

03/28/2026

Entries

Published	Base	Temp	Vulnerability	CWE	Prod	Exp	Cou	EPSS	CTI	CVE
03/28/2026	7.3	7.1	Laborator Oxygen Plugin laborator_calc_route server-side request forgery	918	WordPress Plugin	Not defined	Not defined	0.00039	1.88	CVE-2025-12886

Show more

Description
Changes
Cyber Threat Intelligence
API/JSON

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!