Critical admin gap in WordPress plug-in Orbit Fox
Source: Heise.de, added 18th Jan 2021
Attackers could attack websites built with the content management system (CMS) WordPress if the Orbit Fox plug-in is used with certain settings. Under the right conditions, attackers could, in the worst case, take over sites as admin.
According to the plug-in website, Orbit Fox is actively installed on 400,000 websites. It lets website operators add social media functions to forms, for example.
Dangerous vulnerabilities
Websites with Orbit Fox are vulnerable only when the registration form is active and the Beaver Builder or Elementor plug-ins are running. In that case, attackers could send crafted requests to the form and make use of a field for assigning user rights that is actually supposed to be isolated. If that works, they end up as admin, security researchers from Wordfence warn in a post.
A CVE number has not yet been assigned for the security vulnerability. The threat level is classified as "critical". A second vulnerability is classified as "medium". Here, attackers could place their own code in posts (stored XSS).
The plug-in developers state that they have closed the gaps in Orbit Fox version 2.10.3.
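The conditions named above (an Orbit Fox release that is not yet at the fixed version 2.10.3, with Elementor or Beaver Builder running) can be checked from a plug-in inventory. The following is an added example, not code from Heise, Wordfence or the plug-in developers; it reads the JSON that WP-CLI prints for `wp plugin list --format=json`, and the plug-in slugs and the sample inventory are assumptions made for the illustration.

```python
import json

FIXED = (2, 10, 3)                      # fixed Orbit Fox release named in the article
ORBIT_FOX = "themeisle-companion"       # assumption: Orbit Fox's plug-in slug
BUILDERS = {"elementor", "bb-plugin", "beaver-builder-lite-version"}  # assumption: slugs
ACTIVE = {"active", "active-network"}   # WP-CLI status values for enabled plug-ins


def parse_version(text):
    """'2.10.2' -> (2, 10, 2); a suffix such as '-beta' is ignored."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts + [0] * (3 - len(parts)))


def assess(plugin_list_json):
    """Classify one site from its `wp plugin list --format=json` output."""
    plugins = {p["name"]: p for p in json.loads(plugin_list_json)}
    fox = plugins.get(ORBIT_FOX)
    if fox is None or fox.get("status") not in ACTIVE:
        return "not-affected"
    if parse_version(fox["version"]) >= FIXED:
        return "patched"
    builder_on = any(plugins.get(s, {}).get("status") in ACTIVE for s in BUILDERS)
    # Old version plus an active page builder: the article's preconditions can be
    # met, so update first and then check whether the registration form is in use.
    return "exposed" if builder_on else "update-needed"


# Constructed sample inventory (not taken from a real site).
SAMPLE = json.dumps([
    {"name": "themeisle-companion", "status": "active", "version": "2.10.2"},
    {"name": "elementor", "status": "active", "version": "3.0.16"},
    {"name": "akismet", "status": "inactive", "version": "4.1.7"},
])

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The inventory cannot show whether the registration form itself is in use, so a site reported as `exposed` still needs that checked by hand after updating.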
(of)