Lucene search
K
ThemeisleOrbit Fox

15 matches found

CVE
CVE
added 2024/02/27 4:32 a.m.116 views

CVE-2024-1323

CVE-2024-1323 affects Orbit Fox by ThemeIsle (WordPress). Stored XSS via the Post Type Grid Widget Title in versions up to 2.10.30 occurs due to insufficient input sanitization and output escaping of user attributes. Exploitation requires authentication at Contributor+ level; attacker could injec...

6.4CVSS6AI score0.00486EPSS
CVE
CVE
added 2024/02/02 5:33 a.m.88 views

CVE-2024-1047

CVE-2024-1047 concerns Orbit Fox by ThemeIsle (WordPress) with a vulnerability in register_reference() causing unauthorized modification of data. The issue exists in all versions up to and including 2.10.28 due to a missing capability check, enabling unauthenticated attackers to update the connec...

5.3CVSS6.7AI score0.0056EPSS
CVE
CVE
added 2024/02/02 5:33 a.m.83 views

CVE-2024-1162

CVE-2024-1162 overview (Orbit Fox, ThemeIsle, WordPress) : The Orbit Fox plugin (ThemeIsle) for WordPress is vulnerable to Cross-Site Forgery via a missing/incorrect nonce validation in the register_reference() function, affecting versions up to and including 2.10.29. This CSRF flaw can allow una...

4.3CVSS5.2AI score0.00234EPSS
CVE
CVE
added 2025/01/10 6:43 a.m.70 views

CVE-2025-0311

The CVE concerns the WordPress Orbit Fox by ThemeIsle plugin. Affected component: the Pricing Table widget in versions up to and including 2.10.43. Root cause: insufficient input sanitization and output escaping on user-supplied widget attributes. Impact: Stored Cross-Site Scripting that authenti...

6.4CVSS5.8AI score0.00337EPSS
CVE
CVE
added 2024/08/22 9:29 a.m.60 views

CVE-2024-7778

CVE-2024-7778 affects Orbit Fox by ThemeIsle for WordPress. It is a Stored XSS via SVG file uploads in all versions up to and including 2.10.36 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Author level or higher, and injected scripts ex...

6.4CVSS5.9AI score0.0031EPSS
CVE
CVE
added 2021/04/05 6:27 p.m.59 views

CVE-2021-24157

The CVE-2021-24157 issue affects Orbit Fox by ThemeIsle WordPress plugin. Affected component: the header/footer script injection feature in Orbit Fox; root cause: no validation of user capabilities (unfiltered_html) before saving script tags, enablingAuthenticated users with lower privileges to i...

5.4CVSS5.4AI score0.00687EPSS
Web
CVE
CVE
added 2024/03/13 3:26 p.m.56 views

CVE-2024-2126

The CVE-2024-2126 entry concerns Orbit Fox by ThemeIsle (WordPress plugin). A Stored Cross-Site Scripting (XSS) flaw exists in the Registration Form Widget across all versions up to and including 2.10.32, caused by insufficient input sanitization and output escaping. Exploitation requires authent...

6.4CVSS6.1AI score0.00423EPSS
CVE
CVE
added 2024/03/13 3:27 p.m.54 views

CVE-2024-1497

The CVE-2024-1497 entry concerns the Orbit Fox by ThemeIsle WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the addr2_width attribute of the form widget, across all versions up to and including 2.10.30, caused by insufficient input sanitization and output escaping. E...

6.4CVSS6.1AI score0.00532EPSS
CVE
CVE
added 2025/01/10 7:21 a.m.53 views

CVE-2024-13183

The CVE-2024-13183 entry refers to the Orbit Fox by ThemeIsle WordPress plugin. A Stored Cross-Site Scripting (Stored XSS) flaw exists in the title_tag parameter across all versions up to and including 2.10.43, caused by insufficient input sanitization and output escaping. Exploitation requires a...

6.4CVSS5.8AI score0.00469EPSS
CVE
CVE
added 2024/06/22 2:1 a.m.50 views

CVE-2024-2484

CVE-2024-2484 affects Orbit Fox by ThemeIsle for WordPress; stored XSS via Services and Post Type Grid widgets in all versions

6.4CVSS5.5AI score0.00385EPSS
CVE
CVE
added 2021/04/05 6:27 p.m.49 views

CVE-2021-24158

CVE-2021-24158 affects Orbit Fox by ThemeIsle (WordPress plugin). Vulnerability: a registration form feature integrated with Elementor and Beaver Builder allows a lower-privileged user to supply the user_role parameter and set the default role for new registrations, despite the field being hidden...

6.5CVSS6.4AI score0.009EPSS
Web
CVE
CVE
added 2024/02/05 9:22 p.m.48 views

CVE-2024-0508

The CVE-2024-0508 entry concerns Orbit Fox by ThemeIsle for WordPress, with a Stored Cross-Site Scripting vulnerability in the Pricing Table Elementor Widget present in all versions up to and including 2.10.27. The issue stems from insufficient input sanitization and output escaping on user-suppl...

6.4CVSS5.2AI score0.00525EPSS
CVE
CVE
added 2025/03/27 3:1 p.m.48 views

CVE-2025-22659

CVE-2025-22659 concerns the WordPress Orbit Fox plugin by ThemeIsle (

6.5CVSS7.2AI score0.00265EPSS
CVE
CVE
added 2024/03/13 3:27 p.m.47 views

CVE-2024-1499

CVE-2024-1499 affects Orbit Fox by ThemeIsle (WordPress plugin) up to version 2.10.30, with Stored XSS in the Pricing Table widget via the $settings['title_tags'] field caused by insufficient input sanitization and output escaping. Exploitation is possible by authenticated users with contributor ...

6.4CVSS6.1AI score0.00532EPSS
CVE
CVE
added 2024/01/11 8:32 a.m.44 views

CVE-2023-6781

The CVE-2023-6781 entry affects Orbit Fox by ThemeIsle (WordPress plugin) up to version 2.10.26, due to insufficient input sanitization and output escaping in custom fields, enabling stored XSS for authenticated users with contributor+ permissions. The issue is fixed in 2.10.27; upgrade to that v...

6.4CVSS5.2AI score0.00403EPSS