Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More, with AI-generated Chinese analysis, references, and POCs.

Vendor: themeisle

CVE IDTitleCVSSSeverityPublished
CVE-2025-12045 Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy CWE-79 6.4 Medium2025-11-04
CVE-2025-10874 Orbit Fox < 3.0.2 - Author+ Server-Side Request Forgery 8.2 -2025-10-24
CVE-2024-13183 Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter CWE-79 6.4 Medium2025-01-10
CVE-2025-0311 Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget CWE-79 6.4 Medium2025-01-10
CVE-2024-7778 Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CWE-79 6.4 Medium2024-08-22
CVE-2024-2484 Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets CWE-79 6.4 Medium2024-06-22
CVE-2024-1499 Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-13
CVE-2024-1497 Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute CWE-79 6.4 Medium2024-03-13
CVE-2024-2126 Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripiting via Registration Form Widget CWE-79 6.4 Medium2024-03-13
CVE-2024-1323 Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-02-27
CVE-2024-0508 Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget CWE-79 6.4 Medium2024-02-05
CVE-2024-1162 Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery CWE-352 4.3 Medium2024-02-02
CVE-2023-6781 Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields CWE-20 6.4 Medium2024-01-11

All 13 known CVE vulnerabilities affecting Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More with full Chinese analysis, references, and POCs where available.