minute read
Share this article:
Two security vulnerabilities one a privilege-escalation problem and the other a stored XSS bug afflict a WordPress plugin with 40,000 installs.
Two vulnerabilities (one critical) in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.
Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-building utilities. It allows site administrators to add features such as registration forms and widgets. The plugin, from a developer called ThemeIsle, has been installed by 400,000+ sites.
According to researchers at Wordfence, the first flaw (CVEs are pending) is an authenticated privilege-escalation flaw that carries a CVSS bug-severity score of 9.9, making it critical. Authenticated attackers with contributor level access or above can elevate themselves to administrator status and potentially take
Welcome to Press This, the WordPress community podcast from WMR. Here host David Vogelpohl sits down with guests from around the community to talk about the biggest issues facing WordPress developers. The following is a transcription of the original recording.
David Vogelpohl: Hello everyone and welcome to Press This the WordPress community podcasts on WMR. This is your host, David Vogel Paul, I support the WordPress community through my role at WP Engine, and I love to bring the best of the community to you hear every week on press this as a reminder, you can find me on Twitter @wpdavidv, or you can subscribe to press this on iTunes, iHeartRadio, Spotify, or download the latest episodes at wmr.fm. In this episode we’re going to be talking about the future of the pods framework blocks and page builders and joining us for this conversation is the infamous very well known Mr. Scott Kingsley Clark, Scott. Welcome to Press This.