cleantalk
Vulnerabilities and Security Researches

Orbit Fox by ThemeIsle, CVE-2021-24157

CVE, Research URL

CVE-2021-24157

Home page URL

Security reports for Orbit Fox by ThemeIsle

Application

Orbit Fox by ThemeIsle

Published on
Apr 06, 2021
Research Description
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious.
Affected versions
Min -, max 2.10.3.
Status
vulnerable
Previous vulnerability researches
Orbit Fox by ThemeIsle (CVE-2025-0311) , Jan 11, 2025
Orbit Fox by ThemeIsle (CVE-2024-2484) , Jun 24, 2024
Orbit Fox by ThemeIsle (CVE-2024-7778) , Aug 22, 2024
Orbit Fox by ThemeIsle (CVE-2025-22659) , Feb 19, 2025
Orbit Fox by ThemeIsle (CVE-2024-13183) , May 07, 2025
New vulnerability
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025