Orbit Fox Plugin Vulnerable to Stored Cross-Site Scripting

CVE-2024-2484

What is CVE-2024-2484?

The Orbit Fox plugin for WordPress, developed by ThemeIsle, is susceptible to Stored Cross-Site Scripting (XSS) due to inadequate input sanitization and output escaping in its Services and Post Type Grid widgets. This vulnerability allows authenticated attackers with a contributor level access or higher to inject arbitrary web scripts into pages. When users access these compromised pages, the injected scripts execute, potentially leading to unauthorized access, data theft, and other malicious activities. All versions of the plugin up to and including 2.10.34 are affected, emphasizing the need for prompt updates and security measures to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References