Two security vulnerabilities afflict a WordPress plugin with 40,000 installs. Orbit Fox is a plugin that allows site administrators to add features such as registration forms and widgets. The plugin, from a developer called ThemeIsle, has been installed by 400,000+ sites. The vulnerabilities are patched in version 2.10.3; those sites running versions of Orbit Fox 2.2 and below should update as soon as possible. The bugs are the latest in the line of faulty WordPress plugins that have come in months.
Source: https://threatpost.com/orbit-fox-wordpress-plugin-bugs/163020/