Themeisle Orbit Fox: Duplicate Page, Menu Icons, Svg Support, Cookie Notice, Custom Fonts & More
13 CVEs affecting Themeisle Orbit Fox: Duplicate Page, Menu Icons, Svg Support, Cookie Notice, Custom Fonts & More. Latest disclosed: 2025-11-04. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-12045 | Medium | 6.4 | 2025-11-04 | The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi… |
CVE-2024-13183 | Medium | 6.4 | 2025-01-10 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including… |
CVE-2025-0311 | Medium | 6.4 | 2025-01-10 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and i… |
CVE-2024-7778 | Medium | 6.4 | 2024-08-22 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36… |
CVE-2024-2484 | Medium | 6.4 | 2024-06-22 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to… |
CVE-2024-1499 | Medium | 6.4 | 2024-03-13 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] param… |
CVE-2024-1497 | Medium | 6.4 | 2024-03-13 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, a… |
CVE-2024-2126 | Medium | 6.4 | 2024-03-13 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and includ… |
CVE-2024-1323 | Medium | 6.4 | 2024-02-27 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to… |
CVE-2024-0508 | Medium | 6.4 | 2024-02-05 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up… |
CVE-2023-6781 | Medium | 6.4 | 2024-01-11 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and includin… |
CVE-2024-1047 | Medium | 5.3 | 2024-02-02 | Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on th… |
CVE-2024-1162 | Medium | 4.3 | 2024-02-02 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missi… |