Vulnerabilities > Themeisle > Orbit FOX > 2.10.26

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-0508 Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL.
network
low complexity
themeisle CWE-79
5.4
5.4
2024-02-02 CVE-2024-1047 Missing Authorization vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28.
network
low complexity
themeisle CWE-862
5.3
5.3
2024-02-02 CVE-2024-1162 Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29.
network
low complexity
themeisle CWE-352
4.3
4.3
2024-01-11 CVE-2023-6781 Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values.
network
low complexity
themeisle CWE-79
5.4
5.4