Wordfence Threat Intelligence team published details about two vulnerabilities that were discovered in Orbit Fox by ThemeIsle, a plugin installed on over 400,000 sites.

These vulnerabilities could allow attackers to escalate their privileges to an administrative level and inject malicious JavaScript into posts and pages.