CVE-2024-2484
Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid WidgetsThe Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 16,888 live websites that are affected by CVE-2024-2484.
Affected Software
| Product |  OrbitFox |
| Category | Wordpress Plugins |
| Vulnerable Domains | 16,888 live websites (77.93% of OrbitFox install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 133 versions ( 84.71% of all versions) |
Details
- Published - Jun 22, 2024
- Updated - Aug 1, 2024
Credits
- wesley (finder)
CVE References
CVE-2024-2484 usage by Country
 United States | 4,235 websites |
 Germany | 2,060 websites |
 France | 1,721 websites |
 Poland | 866 websites |
 Netherlands | 631 websites |
 GB | 552 websites |
 Japan | 522 websites |
 Spain | 472 websites |
 Italy | 456 websites |
 Russia | 438 websites |
CVE-2024-2484 usage by TLD
| .com | 5,982 websites |
| .de | 982 websites |
| .org | 859 websites |
| .fr | 737 websites |
| .pl | 726 websites |
| .nl | 640 websites |
| .co.uk | 411 websites |
| .it | 383 websites |
| .net | 364 websites |
| .ru | 349 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-2484
Top websites that are affected by CVE-2024-2484. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com |  Korea, South | **,*** | |
| *******.com | Germany | **,*** | |
| ***************.org | United States | ***,*** | |
| *****************.com | United States | ***,*** | |
| *******.com |  Cyprus | ***,*** | |
| *********.com |  Canada | ***,*** | |
| **********************.org | United States | ***,*** | |
| ***********.fr | France | ***,*** | |
| ***********.com |  Argentina | ***,*** | |
| *********.cz |  Czech Republic | ***,*** |
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1bd0f172-2cd3-4839-9df9-64475554d3b2?source=cve
- https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.33/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/services.php#L639
- https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.33/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/posts-grid.php#L1464
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055876%40themeisle-companion&new=3055876%40themeisle-companion&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058970%40themeisle-companion&new=3058970%40themeisle-companion&sfp_email=&sfph_mail=#file16