← Back to CVEs
CVE-2021-24158
MEDIUM6.5
Description
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration.
CVE Details
CVSS v3.1 Score6.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published4/5/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
themeisle:orbit_fox
Weaknesses (CWE)
CWE-269
References
https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f(contact@wpscan.com)
https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/(contact@wpscan.com)
https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f(af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.