85 matches found
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability discovered by wesley wcraft in WordPress Plugin Orbit Fox by ThemeIsle versions <= 2.10.30...
CVE-2025-10874
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user m...
CVE-2025-10874 Orbit Fox < 3.0.2 - Author+ Server-Side Request Forgery
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user m...
CVE-2025-10874
The connected Red Hat entry confirms CVE-2025-10874 affects Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More for WordPress and is due to an unrestricted URL in the stock photo import feature that enables server-side request forgery (SSRF) by forcing the serve...
EUVD-2023-33793
Malicious code in bioql PyPI...
EUVD-2025-1598
Malicious code in bioql PyPI...
EUVD-2024-51405
Malicious code in bioql PyPI...
EUVD-2024-48640
Malicious code in bioql PyPI...
EUVD-2024-27090
Malicious code in bioql PyPI...
EUVD-2024-16931
Malicious code in bioql PyPI...
EUVD-2024-17081
Malicious code in bioql PyPI...
CVE-2025-58593 WordPress Orbit Fox by ThemeIsle Plugin <= 3.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through <= 3.0.0...
CVE-2025-58593
CVE-2025-58593: Stored XSS in Orbit Fox by ThemeIsle (WordPress plugin) due to improper input neutralization during web page generation. Affected: Orbit Fox versions up to and including 3.0.0. Remediation: update Orbit Fox to a version later than 3.0.0. Details are corroborated by Patchstack/PT-...
CVE-2021-24158
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...
CVE-2021-24157
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...
CVE-2025-22659 WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through <= 2.10.44...
CVE-2024-13183 Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-13183
The CVE-2024-13183 entry refers to the Orbit Fox by ThemeIsle WordPress plugin. A Stored Cross-Site Scripting (Stored XSS) flaw exists in the title_tag parameter across all versions up to and including 2.10.43, caused by insufficient input sanitization and output escaping. Exploitation requires a...
PT-2025-3824 · Themeisle · Orbit Fox
Name of the Vulnerable Software and Affected Versions: Orbit Fox by ThemeIsle plugin for WordPress versions up to, and including, 2.10.43 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Pricing Table widget due to insufficient input sanitization and output escapi...