CVE-2026-13295

The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...

EUVD-2026-39955

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2020-13642

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The actionbuildercontent function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panelsdata $POST variable allows for malicious JavaScript to be...

WordPress SiteOrigin Page Builder Cross-Site Request Forgery Vulnerability (CNVD-2020-31282)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.SiteOrigin Page Builder is a page builder plugin used in it. A cross-site request forgery vulnerability exists in...