CVE-2024-0508 in Orbit Fox Plugininfo

Summary

by MITRE • 02/06/2024

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 04/11/2026

The Orbit Fox plugin by ThemeIsle represents a popular WordPress plugin suite that enhances website functionality through various widgets and elements. The specific vulnerability exists within the Pricing Table Elementor Widget component of this plugin, which is designed to create customizable pricing tables for websites. This particular widget allows users to define pricing information along with associated links that can be displayed on web pages. The flaw manifests in how the plugin handles user-supplied URL inputs when rendering these pricing table elements, creating a persistent security weakness that affects all versions up to and including 2.10.27.

The technical implementation of this vulnerability stems from inadequate input sanitization and output escaping mechanisms within the plugin's codebase. When administrators or contributors create pricing table elements with custom links, the plugin fails to properly validate or escape the URL parameters before storing them in the database. This insufficient sanitization allows malicious actors to inject malicious JavaScript code into the link fields. The vulnerability specifically targets the handling of user-supplied URLs in the pricing table widget, where the plugin stores these values without adequate security measures. The lack of proper escaping means that when these stored URLs are later rendered on web pages, any embedded malicious scripts execute in the context of the victim's browser session.

The operational impact of this stored cross-site scripting vulnerability is significant for WordPress sites utilizing the affected plugin. Attackers with contributor-level permissions or higher can exploit this weakness to inject malicious scripts that will execute whenever any user accesses pages containing the compromised pricing table elements. This creates a persistent threat vector where malicious code can affect multiple users over time, potentially leading to session hijacking, data theft, or further exploitation of the compromised WordPress installation. The vulnerability is particularly concerning because it requires only contributor-level access, which is often granted to trusted users who may not be fully aware of the security implications of their actions.

The vulnerability aligns with CWE-79 which describes Cross-Site Scripting flaws in web applications, specifically targeting the storage of malicious scripts that execute in users' browsers. From an ATT&CK perspective, this represents a privilege escalation and persistence technique that allows attackers to maintain access through malicious script execution. The threat landscape is further complicated by the fact that this vulnerability affects a widely-used plugin, meaning that compromised sites may be used as launch points for broader attacks or as part of botnet operations. The stored nature of the XSS means that even if the initial injection is discovered and removed, the malicious scripts continue to execute for all affected users until the underlying vulnerability is patched and the stored data is properly sanitized.

Mitigation strategies should prioritize immediate patching of the Orbit Fox plugin to version 2.10.28 or later, which contains the necessary security fixes. Site administrators should also implement additional monitoring for unusual activity in the pricing table elements and consider implementing content security policies to limit script execution. Regular security audits of plugin installations are essential to identify similar vulnerabilities in other components. The remediation process should include sanitizing existing stored data that may contain malicious scripts, particularly in the pricing table elements that were created before the patch was applied. Additionally, implementing proper access controls and limiting contributor permissions to only necessary functions can reduce the attack surface for such vulnerabilities.

Reservation

01/12/2024

Disclosure

02/06/2024

Moderation

accepted

CPE

ready

EPSS

0.00525

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!