GCVE - cpe:2.3:a:themeisle:orbit_fox_by_themeisle:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:themeisle:orbit_fox_by_themeisle:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Themeisle (`952ca4ef-81b0-5b76-b2cc-d8cf654b2d29`)
Product	Orbit Fox By Themeisle (`c4bbd3af-6be9-5836-809e-97e61799164e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-58593`	vulnerable	2026-06-03 15:06:22.132223	WordPress Orbit Fox by ThemeIsle Plugin <= 3.0.0 - Cross Site Scripting (XSS) Vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 3.0.0. Published: 2025-09-03T14:36:36.291Z Updated: 2026-05-13T00:10:58.128Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/themeisle-companion/vulnerability/wordpress-orbit-fox-by-themeisle-plugin-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-22659`	vulnerable	2026-06-03 14:59:41.087686	WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 2.10.44. Published: 2025-03-27T15:01:50.207Z Updated: 2026-05-12T23:55:42.785Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/themeisle-companion/vulnerability/wordpress-orbit-fox-by-themeisle-plugin-2-10-44-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1162`	vulnerable	2026-06-03 14:54:26.338039	Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery MEDIUM (4.3) The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2024-02-02T05:33:15.140Z Updated: 2026-04-08T17:05:23.179Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.