First published: Fri Feb 02 2024
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Themeisle Orbit Fox | <=2.10.28 | |
CVE-2024-1047 is rated as a medium severity vulnerability due to the potential for unauthorized data modification.
To remediate CVE-2024-1047, update the Orbit Fox by ThemeIsle plugin to version 2.10.29 or later.
All users of the Orbit Fox by ThemeIsle plugin for WordPress, up to and including version 2.10.28, are affected by CVE-2024-1047.
CVE-2024-1047 allows unauthenticated attackers to modify connected API keys, which could lead to further exploitation.
No, CVE-2024-1047 can be exploited by unauthenticated attackers due to a missing capability check.