CVE-2024-1162

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.


We have discovered 16,708 live websites that are affected by CVE-2024-1162.





Affected Software

Product  OrbitFox
Category  WordPress Plugins
Vulnerable Domains  16,708 live websites (77.10% of OrbitFox install base)
Vulnerable Versions
  • from 0 through 2.10.29
Vulnerable Versions Count  128 versions (81.53% of all versions)



Details

  • Published - Feb 2, 2024
  • Updated - Aug 1, 2024

Credits

  • Francesco Carlucci (finder)

CVE-2024-1162 usage by Country

United States  4,204 websites
Germany  2,039 websites
France  1,698 websites
Poland  859 websites
Netherlands  627 websites
GB  546 websites
Japan  517 websites
Spain  464 websites
Italy  451 websites
Russia  432 websites

CVE-2024-1162 usage by TLD

.com  5,928 websites
.de  971 websites
.org  850 websites
.fr  730 websites
.pl  723 websites
.nl  635 websites
.co.uk  409 websites
.it  374 websites
.net  359 websites
.ru  343 websites


Websites affected by CVE-2024-1162

Top websites that are affected by CVE-2024-1162.
Domain  Country  Rank
*****.com  Korea, South  **,***
*******.com  Germany  **,***
***************.org  United States  ***,***
*****************.com  United States  ***,***
*******.com  Cyprus  ***,***
*********.com  Canada  ***,***
**********************.org  United States  ***,***
***********.fr  France  ***,***
***********.com  Argentina  ***,***
*********.cz  Czech Republic  ***,***

FAQ

A total of 16,708 websites have been identified as vulnerable to CVE-2024-1162, discovered through global website indexing conducted by WebTechSurvey.
OrbitFox is susceptible to the CVE-2024-1162 vulnerability.
OrbitFox versions before, and including, 2.10.29 are vulnerable to CVE-2024-1162.