cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13183,https://securityvulnerability.io/vulnerability/CVE-2024-13183,Stored Cross-Site Scripting in Orbit Fox by ThemeIsle for WordPress,"The Orbit Fox plugin by ThemeIsle for WordPress is susceptible to a stored cross-site scripting (XSS) vulnerability. This flaw arises from inadequate input sanitization and output escaping in the 'title_tag' parameter, permitting authenticated users with Contributor-level access or higher to inject arbitrary web scripts. These malicious scripts could execute on pages accessed by users, creating potential for data exfiltration, session hijacking, or other harmful actions. It is critical for website administrators to update the plugin to the latest version to mitigate this risk and ensure secure interactions.",Wordpress,Orbit Fox By Themeisle,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-10T07:21:46.542Z,0
CVE-2025-0311,https://securityvulnerability.io/vulnerability/CVE-2025-0311,Stored Cross-Site Scripting in Orbit Fox by ThemeIsle WordPress Plugin,"The Orbit Fox by ThemeIsle plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping within the Pricing Table widget. This vulnerability allows authenticated attackers with contributor access or higher to introduce arbitrary web scripts into web pages. As a result, the malicious scripts can execute when users load affected pages, posing significant security risks.",Wordpress,Orbit Fox By Themeisle,5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,false,false,false,2025-01-10T06:43:16.199Z,0
CVE-2024-7778,https://securityvulnerability.io/vulnerability/CVE-2024-7778,Stored Cross-Site Scripting Vulnerability in Orbit Fox plugin for WordPress,"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,Orbit Fox By Themeisle,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-08-22T09:29:30.119Z,0
CVE-2024-1499,https://securityvulnerability.io/vulnerability/CVE-2024-1499,Stored Cross-Site Scripting Vulnerability in Orbit Fox Plugin for WordPress,"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Orbit Fox By Themeisle,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-03-13T15:27:19.793Z,0
CVE-2024-1497,https://securityvulnerability.io/vulnerability/CVE-2024-1497,Orbit Fox Plugin Vulnerable to Stored Cross-Site Scripting,"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Orbit Fox By Themeisle,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-03-13T15:27:11.726Z,0
CVE-2024-2126,https://securityvulnerability.io/vulnerability/CVE-2024-2126,Stored Cross-Site Scripting Vulnerability in Orbit Fox Plugin by ThemeIsle,"The Orbit Fox plugin for WordPress contains a vulnerability that allows authenticated attackers with contributor-level access or higher to execute arbitrary web scripts via the Registration Form widget. This vulnerability is due to a lack of proper input sanitization and output escaping, enabling potential malicious code to be injected into web pages accessed by users. This poses a significant risk, as any user visiting the compromised page could unknowingly execute the injected scripts.",Wordpress,Orbit Fox By Themeisle,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:26:32.648Z,0
CVE-2024-1323,https://securityvulnerability.io/vulnerability/CVE-2024-1323,Stored Cross-Site Scripting Vulnerability in Orbit Fox Plugin for WordPress,"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Orbit Fox By Themeisle,5.4,MEDIUM,0.000699999975040555,false,,false,false,false,,false,false,2024-02-27T04:32:17.160Z,0
CVE-2024-0508,https://securityvulnerability.io/vulnerability/CVE-2024-0508,Orbit Fox Plugin Vulnerable to Stored Cross-Site Scripting,"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Orbit Fox By Themeisle,6.4,MEDIUM,0.000590000010561198,false,,false,false,false,,false,false,2024-02-05T21:22:05.610Z,0
CVE-2024-1162,https://securityvulnerability.io/vulnerability/CVE-2024-1162,Cross-Site Request Forgery Vulnerability in Orbit Fox Plugin by ThemeIsle,"The Orbit Fox plugin by ThemeIsle for WordPress is exposed to a Cross-Site Request Forgery vulnerability across all versions prior to 2.10.29. This vulnerability arises from inadequate nonce validation in the register_reference() function. An attacker, not needing authentication, can exploit this flaw to manipulate API keys by tricking an administrator into making a harmful request, potentially compromising site integrity and security.",Wordpress,Orbit Fox by ThemeIsle,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-02-02T05:33:15.140Z,0
CVE-2024-1047,https://securityvulnerability.io/vulnerability/CVE-2024-1047,Unauthorized Data Modification in Orbit Fox Plugin by ThemeIsle for WordPress,"The Orbit Fox plugin developed by ThemeIsle for WordPress exhibits a significant security flaw due to the absence of a capability check in the register_reference() function. This vulnerability allows unauthenticated attackers to manipulate connected API keys, which could lead to unauthorized data changes. All versions of the plugin up to and including 2.10.28 are affected, posing a risk to users who have not yet updated to the latest version.",Wordpress,Orbit Fox by ThemeIsle,5.3,MEDIUM,0.000699999975040555,false,,false,false,false,,false,false,2024-02-02T05:33:14.536Z,0
CVE-2023-6781,https://securityvulnerability.io/vulnerability/CVE-2023-6781,Stored Cross-Site Scripting Vulnerability in Orbit Fox Plugin by ThemeIsle,"The Orbit Fox plugin by ThemeIsle for WordPress exposes a stored cross-site scripting vulnerability due to inadequate input sanitization and output escaping in its custom fields. This flaw allows authenticated users, including those with contributor-level permissions, to inject arbitrary scripts into pages. These scripts will execute whenever any user accesses the compromised pages, creating potential for various malicious activities. It is crucial for website administrators and users to promptly address this vulnerability in order to safeguard their websites from potential exploitation.",Wordpress,Orbit Fox by ThemeIsle,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2024-01-11T08:32:29.532Z,0
CVE-2023-2287,https://securityvulnerability.io/vulnerability/CVE-2023-2287,Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery,"The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.",Wordpress,Orbit Fox by ThemeIsle,4.3,MEDIUM,0.000590000010561198,false,,false,false,true,true,false,false,2023-05-30T08:15:00.000Z,0