Orbit Fox by ThemeIsle < 2.10.28 – Contributor+ Stored XSS | CVE 2024-0508

Affects Plugins

themeisle-companion

Fixed in 2.10.28

References

CVE

CVE-2024-0508

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.4 (medium)

Miscellaneous

Original Researcher

Webbernaut

Verified

No

WPVDB ID

67376b9c-b270-4c56-bba7-5e28aa77c29c

Timeline

Publicly Published

2024-01-15 (about 3 months ago)

Added

2024-01-17 (about 3 months ago)

Last Updated

2024-01-17 (about 3 months ago)

Other

Published

Title

Published

2023-08-28

Title

Locatoraid Store Locator < 3.9.24 - Reflected XSS

Published

2015-06-12

Title

Yoast SEO < 2.2 - Authenticated Stored DOM XSS

Published

2023-07-04

Title

WP Content Copy Protection & No Right Click < 3.5.6 - Admin+ Stored XSS

Published

2023-02-02

Title

Pinpoint Booking System < 2.9.9.2.9 - Admin+ Stored XSS

Published

2023-06-12

Title

YaySMTP < 2.4.6 - Unauthenticated Stored Cross-Site Scripting