Vulnerabilities > Themeisle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-13 | CVE-2024-1499 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-13 | CVE-2024-1684 | Cross-site Scripting vulnerability in Themeisle Otter Blocks The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-13 | CVE-2024-2126 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-02-27 | CVE-2024-1323 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-05 | CVE-2024-0508 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. | 5.4 |
| 2024-02-05 | CVE-2024-1092 | Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. | 4.3 |
| 2024-02-02 | CVE-2024-1047 | Missing Authorization vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. | 5.3 |
| 2024-02-02 | CVE-2024-1162 | Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. | 4.3 |
| 2024-01-11 | CVE-2023-6781 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. | 5.4 |
| 2024-01-11 | CVE-2023-7019 | Missing Authorization vulnerability in Themeisle Lightstart The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. | 4.3 |