WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Privilege Escalation vulnerability

themeisle-companion

Software
Orbit Fox by ThemeIsle
Versions
<= 2.10.2
Disclosure date
2021-01-12
Classification
Other Vulnerability Type
OWASP Top 10
A2: Broken Authentication and Session Management

Are your websites subject to this vulnerability?

Details

Authenticated Privilege Escalation vulnerability found by Chloe Chamberland in WordPress Orbit Fox by ThemeIsle plugin (versions <= 2.10.2).

Solution

Update the WordPress Orbit Fox by ThemeIsle plugin to the latest available version (at least 2.10.3).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.