Themeisle

Orbit Fox

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-22659

  • EPSS 0.13%
  • Veröffentlicht 27.03.2025 15:01:50
  • Zuletzt bearbeitet 01.04.2026 16:22:28

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 2.10.44.

5.4

CVE-2024-13183

  • EPSS 0.18%
  • Veröffentlicht 10.01.2025 08:15:25
  • Zuletzt bearbeitet 16.01.2025 21:28:47

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possibl...

5.4

CVE-2025-0311

  • EPSS 0.31%
  • Veröffentlicht 10.01.2025 07:15:08
  • Zuletzt bearbeitet 16.01.2025 21:29:36

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user suppli...

5.4

CVE-2024-7778

  • EPSS 0.25%
  • Veröffentlicht 22.08.2024 10:15:05
  • Zuletzt bearbeitet 26.09.2024 22:22:04

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for aut...

5.4

CVE-2024-2484

  • EPSS 0.23%
  • Veröffentlicht 22.06.2024 02:15:44
  • Zuletzt bearbeitet 08.04.2026 17:18:34

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This ma...

5.4

CVE-2024-2126

  • EPSS 0.23%
  • Veröffentlicht 13.03.2024 16:15:31
  • Zuletzt bearbeitet 08.04.2026 17:18:30

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it poss...

5.4

CVE-2024-1497

  • EPSS 0.23%
  • Veröffentlicht 13.03.2024 16:15:23
  • Zuletzt bearbeitet 08.04.2026 19:20:46

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This make...

5.4

CVE-2024-1499

  • EPSS 0.28%
  • Veröffentlicht 13.03.2024 16:15:23
  • Zuletzt bearbeitet 08.04.2026 19:20:46

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization a...

5.4

CVE-2024-1323

  • EPSS 0.16%
  • Veröffentlicht 27.02.2024 05:15:08
  • Zuletzt bearbeitet 08.04.2026 17:18:18

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user...

5.4

CVE-2024-0508

  • EPSS 0.15%
  • Veröffentlicht 05.02.2024 22:16:02
  • Zuletzt bearbeitet 08.04.2026 19:19:10

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on t...