CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 6 days ago•26 views

CVE-2026-11358 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu-item-icon' Parameter

4.4CVSS0.00203EPSS

CVE•added 6 days ago•22 views

CVE-2026-11358

The CVE concerns the Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress (versions up to 3.0.6). The vulnerability is a Stored Cross-Site Scripting flaw arising from insufficient input sanitization and output escaping in admin settings. It a...

4.4CVSS5.5AI score0.00203EPSS

EUVD•added 6 days ago•10 views

EUVD-2026-37850

4.4CVSS5.4AI score0.00203EPSS

Patchstack•added last week•14 views

WordPress Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Orbit Fox by ThemeIsle versions = 3.0.6...

4.4CVSS5.2AI score0.00203EPSS

Patchstack•added 2026/02/02 8:36 p.m.•5 views

WordPress Orbit Fox by ThemeIsle plugin <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via form widget addr2width attribute vulnerability discovered by wesley wcraft in WordPress Plugin Orbit Fox by ThemeIsle versions = 2.10.30...

6.4CVSS7.1AI score0.00532EPSS

RedhatCVE•added 2026/01/07 9:15 a.m.•13 views

CVE-2024-2126

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00423EPSS

Patchstack•added 2025/11/04 1:15 p.m.•8 views

WordPress Orbit Fox Companion plugin <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Post Taxonomy vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Orbit Fox by ThemeIsle versions = 3.0.2...

6.4CVSS5.6AI score0.00199EPSS

NVD•added 2025/11/04 12:15 p.m.•6 views

CVE-2025-12045

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output...

6.4CVSS0.00199EPSS

Cvelist•added 2025/11/04 11:19 a.m.•14 views

CVE-2025-12045 Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy

6.4CVSS0.00199EPSS

CVE•added 2025/11/04 11:19 a.m.•15 views

CVE-2025-12045

CVE-2025-12045 — Orbit Fox Companion (WordPress) is vulnerable to authenticated Stored XSS via the category and tag name parameters in versions up to and including 3.0.2. Exploitation requires Author+ privileges; an attacker can inject scripts that execute when users view the injected page. The c...

6.4CVSS4.7AI score0.00199EPSS

EUVD•added 2025/11/04 11:19 a.m.•3 views

EUVD-2025-37757

6.4CVSS4.6AI score0.00199EPSS

Vulnrichment•added 2025/11/04 11:19 a.m.•3 views

CVE-2025-12045 Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy

6.4CVSS4.7AI score0.00199EPSS

CNNVD•added 2025/11/04 12:0 a.m.•4 views

WordPress plugin Orbit Fox Companion 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-sit...

6.4CVSS5.7AI score0.00199EPSS

Positive Technologies•added 2025/11/04 12:0 a.m.•4 views

PT-2025-44992

Name of the Vulnerable Software and Affected Versions Orbit Fox Companion versions up to and including 3.0.2 Description The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to...

6.4CVSS5.8AI score0.00199EPSS

Exploits0References8

RedhatCVE•added 2025/10/25 6:17 a.m.•7 views

CVE-2025-10874

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user m...

5.5CVSS6.7AI score0.00173EPSS

CNNVD•added 2025/10/25 12:0 a.m.•5 views

WordPress plugin Orbit Fox 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.5CVSS6.6AI score0.00173EPSS

Patchstack•added 2025/10/24 10:33 p.m.•6 views

WordPress Orbit Fox plugin < 3.0.2 - Author+ Server-Side Request Forgery vulnerability

Author+ Server-Side Request Forgery vulnerability discovered by Ryan Roth in WordPress Plugin Orbit Fox by ThemeIsle versions 3.0.2...

5.5CVSS7AI score0.00173EPSS

NVD•added 2025/10/24 6:15 a.m.•3 views

CVE-2025-10874

5.5CVSS0.00173EPSS