Plugin Vulnerability Hub
Plugin 19 known issues Latest disclosed Nov 03, 2025

Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More Vulnerabilities

Review known vulnerability records for the WordPress plugin Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More (`themeisle-companion`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-12045, CVE-2025-10874 and CVE-2025-58593, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 19
High or Critical: 3
Patch Coverage: 100%
Last Updated: Nov 04, 2025

Priority CVE Quick Links

Fast paths into Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 18

CVE-2021-24158 Critical 2.10.3
CVE-2021-24158 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More Privilege Escalation

Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated Privilege Escalation

CVE-2023-2287 High 2.10.24
CVE-2023-2287 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More Server-Side Request Forgery

Orbit Fox by ThemeIsle <= 2.10.23 - Authenticated (Author+) Server-Side Request Forgery via URL

CVE-2025-12045 Medium 3.0.3
CVE-2025-12045 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More Stored Cross-Site Scripting

Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy

CVE-2025-10874 Medium 3.0.2
CVE-2025-10874 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More Server-Side Request Forgery

Orbit Fox by ThemeIsle <= 3.0.1 - Authenticated (Author+) Server-Side Request Forgery

CVE-2025-58593 Medium 3.0.1
CVE-2025-58593 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More Stored Cross-Site Scripting

Orbit Fox by ThemeIsle <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-22659 Medium 2.10.45
CVE-2025-22659 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More Stored Cross-Site Scripting

Orbit Fox by ThemeIsle <= 2.10.44 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-13183 Medium 2.10.44
CVE-2024-13183 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More Stored Cross-Site Scripting

Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter

CVE-2025-0311 Medium 2.10.44
CVE-2025-0311 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More Stored Cross-Site Scripting

Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 19 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 1 critical and 2 high severity findings.
Recent CVEs: CVE-2025-12045, CVE-2025-10874 and CVE-2025-58593
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-12045
CVE-2025-12045: Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitizati...

Published: Nov 03, 2025
Patched Release: 3.0.3
Affected Versions: Versions up to 3.0.2
Next Step: Update to 3.0.3 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-10874
CVE-2025-10874: Orbit Fox by ThemeIsle <= 3.0.1 - Authenticated (Author+) Server-Side Request Forgery

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access a...

Published: Oct 03, 2025
Patched Release: 3.0.2
Affected Versions: Versions up to 3.0.1
Next Step: Update to 3.0.2 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-58593
CVE-2025-58593: Orbit Fox by ThemeIsle <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and a...

Published: Sep 03, 2025
Patched Release: 3.0.1
Affected Versions: Versions up to 3.0.0
Next Step: Update to 3.0.1 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-22659
CVE-2025-22659: Orbit Fox by ThemeIsle <= 2.10.44 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.10.44 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

Published: Feb 03, 2025
Patched Release: 2.10.45
Affected Versions: Versions up to 2.10.44
Next Step: Update to 2.10.45 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-13183
CVE-2024-13183: Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

Published: Jan 09, 2025
Patched Release: 2.10.44
Affected Versions: Versions up to 2.10.43
Next Step: Update to 2.10.44 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-0311
CVE-2025-0311: Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it p...

Published: Jan 09, 2025
Patched Release: 2.10.44
Affected Versions: Versions up to 2.10.43
Next Step: Update to 2.10.44 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-7778
CVE-2024-7778: Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Aut...

Published: Aug 21, 2024
Patched Release: 2.10.37
Affected Versions: Versions up to 2.10.36
Next Step: Update to 2.10.37 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-2484
CVE-2024-2484: Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authentica...

Published: Jun 21, 2024
Patched Release: 2.10.35
Affected Versions: Versions up to 2.10.34
Next Step: Update to 2.10.35 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-2126
CVE-2024-2126: Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Registration Form Widget

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...

Published: Mar 07, 2024
Patched Release: 2.10.33
Affected Versions: Versions up to 2.10.32
Next Step: Update to 2.10.33 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-1499
CVE-2024-1499: Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes...

Published: Feb 26, 2024
Patched Release: 2.10.31
Affected Versions: Versions up to 2.10.30
Next Step: Update to 2.10.31 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-1497
CVE-2024-1497: Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

Published: Feb 26, 2024
Patched Release: 2.10.31
Affected Versions: Versions up to 2.10.30
Next Step: Update to 2.10.31 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-1323
CVE-2024-1323: Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

Published: Feb 26, 2024
Patched Release: 2.10.32
Affected Versions: Versions up to 2.10.31
Next Step: Update to 2.10.32 or newer if supported.