3 matches found
CVE-2024-4361
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2024-4361 Page Builder by SiteOrigin <= 2.29.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2024-4361
CVE-2024-4361 affects Page Builder by SiteOrigin for WordPress. It is a Stored XSS via the siteorigin_widget shortcode in all versions up to 2.29.15, exploitable by authenticated attackers with contributor-level access or higher. Connected documents confirm the vulnerability and indicate a patch ...