191 matches found
WordPress plugin Livemesh SiteOrigin Widgets 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2020-5884
Malware in sbrugna...
EUVD-2020-5885
Malware in sbrugna...
EUVD-2025-5900
Malicious code in bioql PyPI...
EUVD-2024-16845
Malicious code in bioql PyPI...
EUVD-2024-52393
Malicious code in bioql PyPI...
EUVD-2024-27162
Malicious code in bioql PyPI...
EUVD-2024-47035
Malicious code in bioql PyPI...
EUVD-2025-28611
Malicious code in bioql PyPI...
EUVD-2024-16833
Malicious code in bioql PyPI...
EUVD-2024-43997
Malicious code in bioql PyPI...
EUVD-2024-16739
Malicious code in bioql PyPI...
EUVD-2024-46347
Malicious code in bioql PyPI...
CVE-2025-5585
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress SiteOrigin Widgets Bundle plugin cross-site scripting vulnerability
WordPress SiteOrigin Widgets Bundle is a powerful WordPress plugin that provides a rich set of highly customizable widgets for enhancing the layout and functionality of your website, supporting a wide range of page builders and editors to help users easily create professional and beautiful...
CVE-2025-5585
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5585 SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5585
The CVE-2025-5585 entry concerns the SiteOrigin Widgets Bundle plugin for WordPress. A Stored Cross-Site Scripting flaw exists in all versions up to 1.68.4 (and discussed variants up to 1.68.5 in related advisories) due to insufficient input sanitization and output escaping, specifically via the ...
CVE-2025-5585 SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-26806 · WordPress · Siteorigin Widgets Bundle
Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle plugin for WordPress versions up to and including 1.68.4 Description: The issue is related to Stored Cross-Site Scripting via the data-url DOM Element Attribute. This occurs due to insufficient input sanitization and...