These vulnerabilities are rated as critical and medium in severity. Therefore, vulnerable versions should be updated immediately to the most recent version of the plugin.
Orbit Fox is a popular plugin used to extend theme functionality with various modules like social media share buttons, uptime monitoring, custom menu icons etc. Currently, it is run on over 400 000 WordPress sites.
The first vulnerability exists in the registration widget, which is used to build a registration form in the Elementor and Beaver Builder editors. When creating a form, the plugin lets the site owner assign a default role, such as contributor, author or editor, to registering users. However, this default role could be escalated to administrator by tampering with the parameters of the HTTP request.
The vulnerability arises from the lack of server-side validation: the role restriction was enforced only by client-side mechanisms, which were implemented properly in the plugin.
An authenticated attacker with low-level privileges can gain administrator-level access, resulting in a full takeover of the targeted WordPress website.
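The root cause above, a role taken from the submitted form instead of from server-side configuration, is easiest to see as a vulnerable handler next to its hardened form. The following PHP is an added illustration written for this article, not Orbit Fox's or ThemeIsle's code; the function names, the `$form_settings` array and the `REGISTRATION_ALLOWED_ROLES` list are assumptions, while `wp_insert_user`, `sanitize_user`, `sanitize_email`, `sanitize_text_field` and `WP_Error` are standard WordPress APIs.

```php
<?php
// Added example, not plugin code. Hypothetical names: register_user_vulnerable,
// register_user_hardened, resolve_registration_role, REGISTRATION_ALLOWED_ROLES.

// Roles a self-service registration form is ever allowed to hand out.
// 'administrator' is deliberately absent.
const REGISTRATION_ALLOWED_ROLES = array( 'subscriber', 'contributor', 'author', 'editor' );

/**
 * INSECURE pattern: the role is read from the request. A hidden field or
 * locked dropdown in the browser is the only thing stopping a user from
 * submitting a different value, so it offers no real protection.
 */
function register_user_vulnerable( array $request ) {
	$role = isset( $request['role'] ) ? sanitize_text_field( $request['role'] ) : 'subscriber';

	return wp_insert_user( array(
		'user_login' => sanitize_user( $request['username'] ),
		'user_email' => sanitize_email( $request['email'] ),
		'user_pass'  => $request['password'],
		'role'       => $role, // trusted as submitted: sanitize_text_field() does not check privilege
	) );
}

/**
 * Decide the role on the server. $form_settings is the widget configuration
 * stored with the page (e.g. loaded by form ID), never the request body.
 * Returns the role string, or a WP_Error if the configuration is unsafe.
 */
function resolve_registration_role( array $form_settings ) {
	$role = isset( $form_settings['default_role'] ) ? $form_settings['default_role'] : 'subscriber';

	// Allow-list check: even a tampered or mis-saved setting cannot grant administrator.
	if ( ! in_array( $role, REGISTRATION_ALLOWED_ROLES, true ) ) {
		return new WP_Error( 'invalid_role', 'Registration form is configured with a role that cannot be assigned.' );
	}
	return $role;
}

/**
 * HARDENED pattern: any 'role' field in the request is ignored entirely;
 * the role comes from server-side settings and passes the allow-list.
 */
function register_user_hardened( array $request, array $form_settings ) {
	$role = resolve_registration_role( $form_settings );
	if ( is_wp_error( $role ) ) {
		return $role;
	}

	return wp_insert_user( array(
		'user_login' => sanitize_user( $request['username'] ),
		'user_email' => sanitize_email( $request['email'] ),
		'user_pass'  => $request['password'],
		'role'       => $role,
	) );
}
```

The key design point is that the hardened handler never consults `$request['role']` at all: the client can change any field it sends, so the only values that may influence privilege are ones the server already holds. The allow-list is a second layer, so that a misconfigured or compromised form setting still cannot create an administrator through a public registration form.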
Category: Authenticated Privilege Escalation
CVSS 3.1 Base Score: 9.9 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Category: Authenticated Stored XSS Attack
CVSS 3.1 Base Score: 6.4 Medium
CVSS 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
To defend against attacks exploiting these vulnerabilities, vulnerable versions of the Orbit Fox plugin (2.10.2 and older) should be updated to the most recent version. Both vulnerabilities were patched by ThemeIsle in the Orbit Fox 2.10.3 release.
Also, as a rule of thumb, reduce the attack surface by identifying the minimal set of essential plugins to install in WordPress. The selected plugins should come from trustworthy sources, and the most trusted version should be installed on your system. Don't forget that each theme and plugin comes with its own vulnerabilities that hackers can exploit. Read more on how to secure WordPress sites.
"If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders." - Dan Farmer
To learn more about how to protect your WordPress site, you can also read How to Secure Your WordPress Site?