cleantalk
Vulnerabilities and Security Researches

Orbit Fox by ThemeIsle, 655ce056f5c45d9d82efb41be6b110200c64c282

CVE, Research URL

655ce056f5c45d9d82efb41be6b110200c64c282

Home page URL

Security reports for Orbit Fox by ThemeIsle

Application

Orbit Fox by ThemeIsle

Published on
Nov 12, 2018
Research Description
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts &amp; More [themeisle-companion] < 2.6.4 Orbit Fox by ThemeIsle <= 2.6.3 - Improper REST Capabilities Checks The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several REST API endpoints in versions up to, and including, 2.6.3. This makes it possible for unauthenticated attackers to perform unauthorized actions such as uploading arbitrary files that can be used for remote code execution.
Affected versions
max 2.6.4.
Status
vulnerable
Previous vulnerability researches
Orbit Fox by ThemeIsle (CVE-2025-10874) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-12045) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-0311) , Jan 11, 2025
Orbit Fox by ThemeIsle (CVE-2024-2484) , Jun 24, 2024
Orbit Fox by ThemeIsle (CVE-2024-7778) , Aug 22, 2024
New vulnerability
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress &#8211; WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026