CVE-2024-2202 Page Builder by SiteOrigin <= 2.29.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget

🗓️ 23 Mar 2024 02:32:55Reported by WordfenceType

The Page Builder by SiteOrigin plugin for WordPress has Stored XSS vulnerabilit

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-2202	13 Feb 202517:10	–	circl
CNNVD	WordPress Plugin Page Builder by SiteOrigin 安全漏洞	23 Mar 202400:00	–	cnnvd
CVE	CVE-2024-2202	23 Mar 202402:32	–	cve
EUVD	EUVD-2024-27162	3 Oct 202520:07	–	euvd
NVD	CVE-2024-2202	23 Mar 202403:15	–	nvd
Patchstack	WordPress Page Builder by SiteOrigin Plugin <= 2.29.6 is vulnerable to Cross Site Scripting (XSS)	25 Mar 202400:00	–	patchstack
Positive Technologies	PT-2024-19158 · Siteorigin · The Page Builder By Siteorigin	22 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-2202	7 Jan 202609:14	–	redhatcve
Vulnrichment	CVE-2024-2202 Page Builder by SiteOrigin <= 2.29.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget	23 Mar 202402:32	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)	28 Mar 202415:35	–	wordfence

[
  {
    "vendor": "gpriday",
    "product": "Page Builder by SiteOrigin",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.29.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/browser/siteorigin-panels/trunk/widgets/widgets.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/52116a6f-506f-4eeb-9bcc-19900ef38101

08 Apr 2026 16:52Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.4

EPSS0.00126

CWE-79