Orbit Fox by ThemeIsle

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Orbit Fox by ThemeIsle

Information

Software Type Plugin
Software Slug themeisle-companion (view on wordpress.org)
Software Status Active
Software Author themeisle
Software Website orbitfox.com
Software Downloads 11,722,183
Software Active Installs 200,000
Software Record Last Updated April 19, 2024

12 Vulnerabilities

Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripiting via Registration Form Widget
6.4
CVE-2024-2126
Mar 7, 2024
Researcher: wesley (wcraft)
Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-1323
Feb 26, 2024
Researcher: Webbernaut
Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-1499
Feb 26, 2024
Researcher: RandomRoot
Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute
6.4
CVE-2024-1497
Feb 26, 2024
Researcher: wesley (wcraft)
Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery
4.3
CVE-2024-1162
Feb 1, 2024
Researcher: Francesco Carlucci
ThemeIsle SDK <= Various Versions - Missing Authorization
5.3
CVE-2024-1047
Feb 1, 2024
Researcher: Francesco Carlucci
Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget
6.4
CVE-2024-0508
Jan 15, 2024
Researcher: Webbernaut
Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields
6.4
CVE-2023-6781
Jan 5, 2024
Researcher: Nex Team
Orbit Fox by ThemeIsle <= 2.10.23 - Authenticated (Author+) Server-Side Request Forgery via URL
7.4
CVE-2023-2287
Apr 27, 2023
Researcher: Alex Sanford
Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated (Contributor+) Stored Cross Site Scripting
6.4
CVE-2021-24157
Jan 12, 2021
Researcher: Chloe Chamberland
Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated Privilege Escalation
9.9
CVE-2021-24158
Nov 24, 2020
Researcher: Chloe Chamberland
Orbit Fox by ThemeIsle <= 2.6.3 - Improper REST Capabilities Checks
7.3
CVE ID Unknown
Nov 12, 2018
Researcher: James Golovich
Title CVE ID CVSS Researchers Date
Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripiting via Registration Form Widget CVE-2024-2126 6.4 wesley (wcraft) March 7, 2024
Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1323 6.4 Webbernaut February 26, 2024
Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1499 6.4 RandomRoot February 26, 2024
Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute CVE-2024-1497 6.4 wesley (wcraft) February 26, 2024
Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery CVE-2024-1162 4.3 Francesco Carlucci February 1, 2024
ThemeIsle SDK <= Various Versions - Missing Authorization CVE-2024-1047 5.3 Francesco Carlucci February 1, 2024
Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget CVE-2024-0508 6.4 Webbernaut January 15, 2024
Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields CVE-2023-6781 6.4 Nex Team January 5, 2024
Orbit Fox by ThemeIsle <= 2.10.23 - Authenticated (Author+) Server-Side Request Forgery via URL CVE-2023-2287 7.4 Alex Sanford April 27, 2023
Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated (Contributor+) Stored Cross Site Scripting CVE-2021-24157 6.4 Chloe Chamberland January 12, 2021
Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated Privilege Escalation CVE-2021-24158 9.9 Chloe Chamberland November 24, 2020
Orbit Fox by ThemeIsle <= 2.6.3 - Improper REST Capabilities Checks 7.3 James Golovich November 12, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation