CVE-2021-24158
CVE-2021-24158 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. It affects the registration form feature that Orbit Fox by ThemeIsle adds to the Elementor and Beaver Builder page builders, where administrators choose the default role assigned to users upon registration. EPSS estimates a 0.90% chance of exploitation in the next 30 days.
Description
Orbit Fox by ThemeIsle has a feature that adds a registration form to both the Elementor and Beaver Builder page builders. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users; however, they can still supply the `user_role` parameter to update the default role for registration.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Themeisle | Orbit Fox | < 2.10.3 |
References
- https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f (Exploit, Third Party Advisory)
- https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/ (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
