VYPR

Oxygen

by WordPress

CVEs (2)

  • CVE-2024-31380CriApr 3, 2024
    risk 0.64cvss 9.9epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.

  • CVE-2025-12886HigMar 28, 2026
    risk 0.47cvss 7.2epss 0.00

    The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating…