
The WordPress & Plugin Vulnerability Update

Name of Plugin: Orbit Fox by ThemeIsle

Number of installations: 4,00,000+ (as of the date of publishing)

Severity: Super High

According to the Wordfence website, Wordfence found a severe vulnerability in the Orbit Fox plugin, which had more than 4,00,000 installations when this post went live.

The vulnerability can allow attackers to gain admin-level privileges and completely take over the website.

In technical terms, the plugin has client-side protection that prevents the role selector from being shown to lower-privileged users, but there is no server-side protection to check whether an authorized user has set the default role of the user.

Wordfence also noticed a less severe vulnerability that can help hackers inject malicious scripts into posts.
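
The missing server-side check described above, as an added example that is not Orbit Fox's or WordPress's code: a small Python model in which the function names, capability map and sample forms are all constructed assumptions. It contrasts a save handler that trusts the submitted role with one that checks the author's capability, and includes an audit for stored forms.

```python
# Constructed model; the names and the capability map are assumptions.
CAPS = {
    "administrator": {"edit_posts", "promote_users"},
    "editor": {"edit_posts"},
    "contributor": {"edit_posts"},
    "subscriber": set(),
}
SAFE_DEFAULT = "subscriber"


def save_form_unsafe(author_role, submitted):
    # Flawed pattern: the editor UI hides the role selector from
    # low-privilege authors, but the server stores whatever is submitted.
    return {"user_role": submitted.get("user_role", SAFE_DEFAULT)}


def save_form_checked(author_role, submitted):
    # Server-side check: the role must exist, and only an author allowed
    # to promote users may choose anything other than the safe default.
    requested = submitted.get("user_role", SAFE_DEFAULT)
    may_promote = "promote_users" in CAPS.get(author_role, set())
    if requested not in CAPS or not may_promote:
        return {"user_role": SAFE_DEFAULT}
    return {"user_role": requested}


def register(form_settings, login):
    # New accounts receive the role named in the stored form settings.
    return {"login": login, "role": form_settings["user_role"]}


def audit_forms(stored_forms):
    # Review of saved forms: flag any non-default role that was stored
    # by an author who lacks the capability to assign roles.
    flagged = []
    for form in stored_forms:
        may_promote = "promote_users" in CAPS.get(form["author_role"], set())
        if form["user_role"] != SAFE_DEFAULT and not may_promote:
            flagged.append(form["id"])
    return flagged


# Constructed sample of stored registration forms.
SAMPLE_FORMS = [
    {"id": 1, "author_role": "administrator", "user_role": "editor"},
    {"id": 2, "author_role": "contributor", "user_role": "administrator"},
    {"id": 3, "author_role": "contributor", "user_role": "subscriber"},
]
```

Running the audit over forms saved before the update shows which ones still carry a role their author should not have been able to set.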

Solution

The update patch has been rolled out. If your WordPress website is using the Orbit Fox plugin below version 2.10.2, you are advised to update the plugin immediately to Orbit Fox version 2.10.3.

If you are facing any problems updating the Orbit Fox WordPress plugin, get in touch with us and we will take the necessary steps to secure your website.

Contact Us

 
