- Description: The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source: security@wordfence.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 5.4
- Impact score: 2.7
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
- security@wordfence.com
- CWE-79
- Hype score
- Not currently trending
CVE Alert: CVE-2024-13183 - https://t.co/dvsXFblrra #OSINT #ThreatIntel #CyberSecurity #cve_2024_13183
@RedPacketSec
11 Jan 2025
CVE-2024-13183 Stored XSS Vulnerability in Orbit Fox WordPress Plugin 2.10.43 The Orbit Fox plugin by ThemeIsle for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability. This happens through the 'title... https://t.co/eRwRrlMJNC
@VulmonFeeds
10 Jan 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:themeisle:orbit_fox:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EB041CC-FA1B-4C91-93F9-B58AA9F67060",
            "versionEndExcluding": "2.10.44"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]