Expert Comments

Expert Insight On Critical “Orbit Fox” WordPress Plugin Vulnerability

Expert(s):
Expert(s):

Two vulnerabilities have been found in the WordPress plugin “Orbit Fox by ThemeIsle” used by more than 400,000 sites. One made it possible for attackers with contributor level access or above to escalate their privileges to those of an administrator and potentially take over a WordPress site.

Experts Comments

Dot Your Expert Comments
Ameet Naik
January 14, 2021
Security Evangelist
PerimeterX

Attackers can plant malware, steal data and hijack users to nefarious sites.

With more than 30 percent of the web currently powered by WordPress, it remains an attractive target for attackers. These two vulnerabilities in the Orbit Fox plugin —a cross-site scripting flaw and a privilege-escalation bug with a CVSS bug-severity score of 9.9— together could allow attackers the ability to inject malicious Javascript code into exposed websites with the goal of taking over control of them. Attackers can then plant malware, steal data and hijack users to nefarious sites.

.....Read More

With more than 30 percent of the web currently powered by WordPress, it remains an attractive target for attackers. These two vulnerabilities in the Orbit Fox plugin —a cross-site scripting flaw and a privilege-escalation bug with a CVSS bug-severity score of 9.9— together could allow attackers the ability to inject malicious Javascript code into exposed websites with the goal of taking over control of them. Attackers can then plant malware, steal data and hijack users to nefarious sites. Such techniques have been used to launch Magecart attacks against thousands of e-commerce sites resulting in the theft of millions of credit card numbers.

  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Iran Nuclear Facility Potential Cyber Attack – What Expert Says

Industry Leaders On Android.Joker Malware

Expert Reaction On Pulse Secure VPN Users Can’t Login Due...

New Vulnerabilities Put Millions Of IoT Devices At Risk

Expert Comment On Darktrace Set For IPO

Fake App Attacks On The Rise, As Malware Hides In...

Expert On Study That Brits Using Pets’ Names As Online...

Expert Reaction On Europol Publishes Its Serious And Organised Crime...

Fake Netflix App Allows Hackers to Hijack WhatsApp

Hackers Pretend To Be Your Friend In The Latest WhatsApp...