[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMHPCqN5eGzJyI1LYwBjfPGOnpIVM32apX7nCtgQd3nA":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-f53e5192-e809-400c-aed9-36b5d6415a9d-themeisle-companion","orbit-fox-by-themeisle-improper-rest-capabilities-checks","Orbit Fox by ThemeIsle \u003C= 2.6.3 - Improper REST Capabilities Checks","The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several REST API endpoints in versions up to, and including, 2.6.3. This makes it possible for unauthenticated attackers to perform unauthorized actions such as uploading arbitrary files that can be used for remote code execution.","themeisle-companion",null,"\u003C=2.6.3","2.6.4","high",7.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Missing Authorization","2018-11-12 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff53e5192-e809-400c-aed9-36b5d6415a9d?source=api-prod",1898]