Every CVE whose affected-product data names Themeisle Orbit Fox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2021-24158 — CVSS 6.5 (medium): Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As…
CVE-2025-22659 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle…
CVE-2024-0508 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor…
CVE-2024-1323 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title…
CVE-2023-6781 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions…
CVE-2024-2484 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in…
CVE-2024-7778 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to…
CVE-2025-0311 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all…
CVE-2024-13183 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all…
CVE-2024-1497 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in…
CVE-2024-1499 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the…
CVE-2024-2126 — CVSS 6.4 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all…
CVE-2021-24157 — CVSS 5.4 (medium): Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that…
CVE-2024-1047 — CVSS 5.3 (medium): Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing…
CVE-2024-1162 — CVSS 4.3 (medium): The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29…