CVE-2025-22659: WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability
First published: Thu Mar 27 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Orbit Fox by Themeisle | <=2.10.44 | |
| Orbit Fox by Themeisle | <=2.10.44 |
Remedy
Update the WordPress Orbit Fox by ThemeIsle wordpress plugin to the latest available version (at least 2.10.45).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-22659?
CVE-2025-22659 is classified as a high severity vulnerability due to its potential for Stored XSS attacks.
How do I fix CVE-2025-22659?
To fix CVE-2025-22659, update Orbit Fox by ThemeIsle to version 2.10.45 or later.
What types of applications are affected by CVE-2025-22659?
CVE-2025-22659 affects Orbit Fox by ThemeIsle versions up to and including 2.10.44.
What is Stored XSS in relation to CVE-2025-22659?
Stored XSS allows attackers to inject malicious scripts that are stored on the server and executed in the browser of users accessing the affected web application.
Who is the vendor responsible for CVE-2025-22659?
The vendor responsible for CVE-2025-22659 is ThemeIsle, the developer of Orbit Fox.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/title
- agent/severity
- agent/remedy
- agent/author
- agent/source
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/themeisle
- canonical/orbit fox by themeisle
- vendor/wordpress