CVE-2021-24157

Name of the Vulnerable Software and Affected Versions: Orbit Fox by ThemeIsle (affected versions not specified)

Description: The issue concerns the ability to add custom scripts to the header and footer of a page or post without proper verification of user capabilities. Specifically, there were no checks to ensure a user had the unfiltered html capability before saving script tags. This oversight allows lower-level users to inject potentially malicious scripts.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.