Vulnerabilities > Themeisle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-22 | CVE-2024-7778 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-22 | CVE-2024-2484 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-10 | CVE-2024-35728 | Injection vulnerability in Themeisle Product Addons & Fields for Woocommerce Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20. | 5.3 |
| 2024-06-08 | CVE-2024-35682 | Unspecified vulnerability in Themeisle Otter Blocks Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11. | 5.3 |
| 2024-02-05 | CVE-2024-0508 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. | 5.4 |
| 2024-02-05 | CVE-2024-1092 | Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. | 4.3 |
| 2024-02-02 | CVE-2024-1047 | Missing Authorization vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. | 5.3 |
| 2024-02-02 | CVE-2024-1162 | Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. | 4.3 |
| 2024-01-11 | CVE-2023-6781 | Cross-site Scripting vulnerability in Themeisle Orbit FOX The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. | 5.4 |
| 2024-01-11 | CVE-2023-7019 | Missing Authorization vulnerability in Themeisle Lightstart The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. | 4.3 |