Orbit fox: duplicate page, menu icons, svg support, cookie notice, custom fonts & more
This hub aggregates every CVE we track for Orbit fox: duplicate page, menu icons, svg support, cookie notice, custom fonts & more, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
14
CVEs tracked
0
Critical
0
High
0
In CISA KEV
Severity distribution
MEDIUM14
Monthly trend
0
1
0
0
0
0
2
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
1
2024-072026-06
Latest CVEs
The 14 most recently published vulnerabilities affecting Orbit fox: duplicate page, menu icons, svg support, cookie notice, custom fonts & more.
- CVE-2026-11358Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu-item-icon' Parameter4.4
- CVE-2025-12045Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy6.4
- CVE-2024-13183Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter6.4
- CVE-2025-0311Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget6.4
- CVE-2024-7778Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload6.4
- CVE-2024-2484Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets6.4
- CVE-2024-1499Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-1497Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute6.4
- CVE-2024-2126Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripiting via Registration Form Widget6.4
- CVE-2024-1323Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-0508Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget6.4
- CVE-2024-1162Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery4.3
- CVE-2024-1047ThemeIsle SDK <= Various Versions - Missing Authorization5.3
- CVE-2023-6781Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields6.4
Product normalization is registry-driven with AI assist and human review. How it works