Lucene search
+L

269 matches found

Positive Technologies
Positive Technologies
added 2021/04/05 12:0 a.m.10 views

PT-2021-15703 · Themeisle · Orbit Fox

Name of the Vulnerable Software and Affected Versions: Orbit Fox by ThemeIsle affected versions not specified Description: The issue concerns a registration form feature in Orbit Fox by ThemeIsle that integrates with Elementor and Beaver Builder page builders. Administrators can set a default use...

6.5CVSS6.3AI score0.009EPSS
Exploits2References4
ThreatPost
ThreatPost
added 2021/01/13 7:41 p.m.57 views

Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site Takeover

Two vulnerabilities one critical in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-buildin...

0.2AI score
Exploits0References11
Patchstack
Patchstack
added 2021/01/12 12:0 a.m.6 views

WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Privilege Escalation vulnerability

Authenticated Privilege Escalation vulnerability found by Chloe Chamberland in WordPress Orbit Fox by ThemeIsle plugin versions = 2.10.2. Solution Update the WordPress Orbit Fox by ThemeIsle plugin to the latest available version at least 2.10.3...

3.5AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2021/01/12 12:0 a.m.123 views

Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation

Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...

6.5AI score0.009EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/01/12 12:0 a.m.16 views

Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting

Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfilteredhtml capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...

0.5AI score0.00687EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2021/01/12 12:0 a.m.10 views

WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by Chloe Chamberland in WordPress Orbit Fox by ThemeIsle plugin versions = 2.10.2. Solution Update the WordPress Orbit Fox by ThemeIsle plugin to the latest available version at least 2.10.3...

2.1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/12 12:0 a.m.28 views

Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation

Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...

0.1AI score0.009EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2021/01/12 12:0 a.m.123 views

Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting

Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfilteredhtml capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...

5.5AI score0.00687EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2018/12/07 12:0 a.m.10 views

Orbit Fox by ThemeIsle <= 2.6.3 -Does not properly Authenticate REST API Calls

Orbit Fox by Themeisle aka Themeisle Companion version = 2.6.3 does not properly authenticate REST API calls allowing unauthenticated users to execute several API calls. In some cases one of these calls can be used to upload arbitrary files which can lead to remote code execution...

5.3AI score
Exploits0Affected Software1
Rows per page
Query Builder