CVE-2025-12045
- EPSS 0.05%
- Veröffentlicht 04.11.2025 11:19:27
- Zuletzt bearbeitet 04.11.2025 15:40:45
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters in all versions up to, and including, 3.0.2 due to...
CVE-2025-58593
- EPSS 0.03%
- Veröffentlicht 03.09.2025 14:36:36
- Zuletzt bearbeitet 04.09.2025 15:35:29
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.
CVE-2025-22659
- EPSS 0.06%
- Veröffentlicht 27.03.2025 15:01:50
- Zuletzt bearbeitet 08.07.2025 17:33:37
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44.
CVE-2023-2287
- EPSS 0.12%
- Veröffentlicht 30.05.2023 08:15:10
- Zuletzt bearbeitet 10.01.2025 21:15:11
The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the se...