CVE-2024-1497 Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute

🗓️ 13 Mar 2024 15:27:11Reported by WordfenceType

The Orbit Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escapin

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress Plugin Orbit Fox by ThemeIsle Security Vulnerability	13 Mar 202400:00	–	cnnvd
CVE	CVE-2024-1497	13 Mar 202415:27	–	cve
EUVD	EUVD-2024-17245	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1497	13 Mar 202416:15	–	nvd
OSV	CVE-2024-1497	13 Mar 202416:15	–	osv
Patchstack	WordPress Orbit Fox by ThemeIsle plugin <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability	2 Feb 202620:36	–	patchstack
Prion	Cross site scripting	13 Mar 202416:15	–	prion
Positive Technologies	PT-2024-18092 · Themeisle · Orbit Fox	13 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-1497	23 May 202509:59	–	redhatcve
Vulnrichment	CVE-2024-1497 Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute	13 Mar 202415:27	–	vulnrichment

[
  {
    "vendor": "themeisle",
    "product": "Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.10.30",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/themeisle-content-forms/includes/widgets-admin/elementor/elementor_widget_base.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/b4603b58-0972-4e04-91ac-ffc846964722
plugins	www.plugins.trac.wordpress.org/changeset

08 Apr 2026 17:16Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.4

EPSS0.00532

CWE-79