CVE-2024-1497

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Mar 13, 2024

Summary

CVE-2024-1497 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Orbit Fox plugin for WordPress by ThemeIsle. This issue, found in all versions up to and including 2.10.30, stems from insufficient input sanitization and output escaping in the form widget's addr2_width attribute. This weakness allows authenticated attackers with contributor access or higher to inject arbitrary web scripts. These scripts will execute whenever a user visits an injected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uhKmRR
https://www.cve.org/CVERecord?id=CVE-2024-1497
https://nvd.nist.gov/vuln/detail/CVE-2024-1497

Back to Vulnerability Database

CVE-2024-1497

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations