Expert Insight On Critical “Orbit Fox” WordPress Plugin Vulnerability

By   ISBuzz Team
Writer , Information Security Buzz | Jan 14, 2021 05:14 am PST

Two vulnerabilities have been found in the WordPress plugin “Orbit Fox by ThemeIsle” used by more than 400,000 sites. One made it possible for attackers with contributor level access or above to escalate their privileges to those of an administrator and potentially take over a WordPress site.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Ameet Naik
Ameet Naik , Security Evangelist
January 14, 2021 1:55 pm

<p>With more than 30 percent of the web currently powered by WordPress, it remains an attractive target for attackers. These two vulnerabilities in the Orbit Fox plugin —a cross-site scripting flaw and a privilege-escalation bug with a CVSS bug-severity score of 9.9— together could allow attackers the ability to inject malicious Javascript code into exposed websites with the goal of taking over control of them. Attackers can then plant malware, steal data and hijack users to nefarious sites. Such techniques have been used to launch Magecart attacks against thousands of e-commerce sites resulting in the theft of millions of credit card numbers.</p>

Last edited 2 years ago by Ameet Naik

Recent Posts

Would love your thoughts, please comment.x