QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24157

Published: Apr 5, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious.

Vendor	Product	Versions
Unknown	Orbit Fox by ThemeIsle	affected `2.10.3 - < 2.10.3`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/28e42f4e-e38a-4bf4-b51b-d8f21c40f037

x_refsource_CONFIRM

https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.