Log out
Get PRO

Latest

Input validation vulnerability in Orbit Fox by ThemeIsle 2.10.32

  • Severity: medium-risk
  • Status: Fixed
  • Publication: March 7, 2024

The Orbit Fox plugin for WordPress, created by ThemeIsle, has a security issue where a type of hacking called Stored Cross-Site Scripting can occur through the Registration Form feature. This happens because the plugin did not have enough protection in place to prevent malicious code from being added to its outputs. This means that someone with the right level of access could insert harmful code into a page that would run whenever someone else visited that page.

Detected in:

Orbit Fox by ThemeIsle fixed vulnerable versions: >= * <= 2.10.32
Orbit Fox Extra Modules: Duplicate Page, Menu Icons, SVG Support, Cookie Notice & More fixed vulnerable versions:
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.