Orbit Fox by ThemeIsle <= 2.6.3 -Does not properly Authenticate REST API Calls

Dec 11, 2018 | Security - Internet, WordPress, and otherwise




orbit-fox-by-themeisle Orbit Fox by ThemeIsle <= 2.6.3 -Does not properly Authenticate REST API Calls
Orbit Fox by Themeisle (aka Themeisle Companion) version <= 2.6.3 does not properly authenticate REST API calls allowing unauthenticated users to execute several API calls. 

In some cases one of these calls can be used to upload arbitrary files which can lead to remote code execution.
eHost managed wordpress hosting

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:

SHARE IT HERE:

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.