3 matches found
CVE-2024-1499
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings'titletags' parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-1499
CVE-2024-1499 affects Orbit Fox by ThemeIsle (WordPress plugin) up to version 2.10.30, with Stored XSS in the Pricing Table widget via the $settings['title_tags'] field caused by insufficient input sanitization and output escaping. Exploitation is possible by authenticated users with contributor ...
WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.30 is vulnerable to Cross Site Scripting (XSS)
Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.30 Fixed in 2.10.31 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1499 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a63057ae6403 Credits RandomRoot...