Vulnerabilities > Themeisle > Orbit FOX > 2.10.41

DATE CVE VULNERABILITY TITLE RISK
2025-01-10 CVE-2024-13183 Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping.
network
low complexity
themeisle CWE-79
5.4
5.4
2025-01-10 CVE-2025-0311 Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
themeisle CWE-79
5.4
5.4