Oxygen Theme Vulnerabilities, CVEs & Patch Status

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Oxygen so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility

2 records include a published patch path.

Severity Mix

0 critical and 2 high severity findings.

Reference Workflow

Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.

Known Vulnerabilities

Reports for Oxygen

Sorted by latest disclosure date so newly published issues surface first.

Theme High Patched: Yes CVE-2025-12886

Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...

Published

Mar 27, 2026

Patched Release

6.0.9

Affected Versions

Versions up to 6.0.8

Next Step

Update to 6.0.9 or newer if supported.

Open Full Report Open CVE Reference

Theme High Patched: No CVE-2025-69299

Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery

The Oxygen theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to quer...

Published

Jan 27, 2026