269 matches found
PT-2021-15703 · Themeisle · Orbit Fox
Name of the Vulnerable Software and Affected Versions: Orbit Fox by ThemeIsle affected versions not specified Description: The issue concerns a registration form feature in Orbit Fox by ThemeIsle that integrates with Elementor and Beaver Builder page builders. Administrators can set a default use...
Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site Takeover
Two vulnerabilities one critical in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-buildin...
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Privilege Escalation vulnerability
Authenticated Privilege Escalation vulnerability found by Chloe Chamberland in WordPress Orbit Fox by ThemeIsle plugin versions = 2.10.2. Solution Update the WordPress Orbit Fox by ThemeIsle plugin to the latest available version at least 2.10.3...
Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...
Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfilteredhtml capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability found by Chloe Chamberland in WordPress Orbit Fox by ThemeIsle plugin versions = 2.10.2. Solution Update the WordPress Orbit Fox by ThemeIsle plugin to the latest available version at least 2.10.3...
Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...
Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfilteredhtml capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...
Orbit Fox by ThemeIsle <= 2.6.3 -Does not properly Authenticate REST API Calls
Orbit Fox by Themeisle aka Themeisle Companion version = 2.6.3 does not properly authenticate REST API calls allowing unauthenticated users to execute several API calls. In some cases one of these calls can be used to upload arbitrary files which can lead to remote code execution...