Vulnerability Description
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Themeisle | Orbit Fox | < 2.10.3 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604fExploitThird Party Advisory
- https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbitExploitThird Party Advisory
- https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604fExploitThird Party Advisory
- https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbitExploitThird Party Advisory
FAQ
What is CVE-2021-24158?
CVE-2021-24158 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which ...
How severe is CVE-2021-24158?
CVE-2021-24158 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24158?
Check the references section above for vendor advisories and patch information. Affected products include: Themeisle Orbit Fox.