269 matches found
CVE-2024-7778
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...
CVE-2024-4635
The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addmimetype’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...
CVE-2024-35728
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...
CVE-2024-35682
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11...
CVE-2024-51671
Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through = 3.0.3...
CVE-2024-37467
Cross-Site Request Forgery CSRF vulnerability in themeisle Hestia hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through = 3.1.2...
CVE-2024-31301
Cross-Site Request Forgery CSRF vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
CVE-2023-47529
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2...
CVE-2023-23708
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin = 3.9.4 versions...
CVE-2023-33927
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19...
CVE-2023-39920
Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through = 2.9.2...
CVE-2022-46848
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin = 3.9.1 versions...
CVE-2022-47143
Cross-Site Request Forgery CSRF vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin = 3.3.9 versions...
CVE-2021-24157
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfilteredhtml capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...
CVE-2025-22659
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through = 2.10.44...
CVE-2025-22659
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through = 2.10.44...
CVE-2025-22659
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44...
CVE-2025-22659
CVE-2025-22659 concerns the WordPress Orbit Fox plugin by ThemeIsle (
CVE-2025-22659 WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through = 2.10.44...
CVE-2025-22659 WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through = 2.10.44...