2124 matches found

Positive Technologies
added 2024/07/31 12:0 a.m. · 2 views

PT-2024-28442 · Ibexa · Ibexa Admin Ui Bundle

Name of the Vulnerable Software and Affected Versions: Ibexa Admin UI Bundle (affected versions not specified)
Description: The file upload widget in the Ibexa Admin UI Bundle is vulnerable to XSS payloads in filenames. Access permission to upload files is required, which is typically only granted ...

CVSS 5.4 · AI score 5.2 · EPSS 0.00363
Exploits: 0 · References: 14

OSV
added 2024/07/30 9:15 p.m. · 7 views

CVE-2024-5901

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 3

NVD
added 2024/07/30 9:15 p.m. · 51 views

CVE-2024-5901

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · EPSS 0.00371
Exploits: 0 · References: 3

CVE
added 2024/07/30 8:30 p.m. · 60 views

CVE-2024-5901

CVE-2024-5901 affects SiteOrigin Widgets Bundle (WordPress) up to version 1.62.2. It is a Stored Cross-Site Scripting vulnerability in the Image Grid widget caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least contributor-level ...

CVSS 6.4 · AI score 5.7 · EPSS 0.00371
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/07/30 3:15 p.m. · 21 views

CVE-2024-41109

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...

CVSS 6.5 · EPSS 0.00483
Exploits: 1 · References: 4

Vulnrichment
added 2024/07/30 2:43 p.m. · 20 views

CVE-2024-41109 Pimcore vulnerable to disclosure of system and database information behind /admin firewall

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...

CVSS 6.3 · AI score 6.5 · EPSS 0.00483
Exploits: 1 · References: 4

CVE
added 2024/07/30 2:43 p.m. · 60 views

CVE-2024-41109

Summary: CVE-2024-41109 affects Pimcore’s Admin UI Classic Bundle. Affected component is the Admin/IndexController statistics endpoint (/admin/index/statistics), where a logged-in Pimcore user can access detailed system information (Pimcore installation data, PHP/MYSQL versions, installed bundles...

CVSS 6.5 · AI score 6.1 · EPSS 0.00483
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/07/30 2:43 p.m. · 25 views

CVE-2024-41109 Pimcore vulnerable to disclosure of system and database information behind /admin firewall

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...

CVSS 6.3 · AI score 6.3 · EPSS 0.00483
Exploits: 1 · References: 6

Patchstack
added 2024/07/30 10:54 a.m. · 3 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin SiteOrigin Widgets Bundle versions <= 1.62.2...

CVSS 6.4 · AI score 5.7 · EPSS 0.00371
Exploits: 0 · References: 1 · Affected Software: 1

Circl
added 2024/07/30 10:43 a.m. · 1 views

CVE-2024-42156

creationtimestamp| type| source
---|---|---
2024-07-30 10:43:34+00:00| seen| https://t.me/cvedetector/2015
2025-05-20 14:40:48+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16987
2025-12-03 14:14:49+00:00| seen|...

CVSS 4.1 · AI score 4.9 · EPSS 0.00214
Exploits: 0 · References: 3

Circl
added 2024/07/30 10:43 a.m. · 1 views

CVE-2024-42160

creationtimestamp| type| source
---|---|---
2024-07-30 10:43:28+00:00| seen| https://t.me/cvedetector/2011
2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVSS 7.8 · AI score 7.2 · EPSS 0.00239
Exploits: 0 · References: 2

Patchstack
added 2024/07/30 12:0 a.m. · 9 views

WordPress SiteOrigin Widgets Bundle Plugin <= 1.62.2 is vulnerable to Cross Site Scripting (XSS)

Software: SiteOrigin Widgets Bundle
Type: Plugin
Vulnerable versions: <= 1.62.2
Fixed in: 1.62.3
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-5901
Patch priority: Low
CVSS severity: Low 6.5
PSID: ee6a602a0665
Credits: Ngô Thiên An...

CVSS 6.4 · AI score 5.8 · EPSS 0.00371
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/07/30 12:0 a.m. · 4 views

WordPress plugin SiteOrigin Widgets Bundle cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 · AI score 5.6 · EPSS 0.00371
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/30 12:0 a.m. · 9 views

PT-2024-37235 · WordPress · Siteorigin Widgets Bundle

Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle plugin for WordPress versions up to, and including, 1.62.2
Description: The issue is related to Stored Cross-Site Scripting via the Image Grid widget due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.2 · EPSS 0.00371
Exploits: 0 · References: 8

Circl
added 2024/07/29 6:48 p.m. · 3 views

CVE-2024-42068

creationtimestamp| type| source
---|---|---
2024-07-29 18:48:43+00:00| seen| https://t.me/cvedetector/1887
2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVSS 5.5 · AI score 6.3 · EPSS 0.00228
Exploits: 0 · References: 2

Circl
added 2024/07/29 6:48 p.m. · 0 views

CVE-2024-42063

creationtimestamp| type| source
---|---|---
2024-07-29 18:48:40+00:00| published-proof-of-concept| https://t.me/cvedetector/1884
2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVSS 5.5 · AI score 6.3 · EPSS 0.00222
Exploits: 0 · References: 2

Circl
added 2024/07/29 6:48 p.m. · 1 views

CVE-2024-42079

creationtimestamp| type| source
---|---|---
2024-07-29 18:48:28+00:00| seen| https://t.me/cvedetector/1876
2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVSS 5.5 · AI score 6.5 · EPSS 0.00267
Exploits: 0 · References: 2

Circl
added 2024/07/29 6:48 p.m. · 0 views

CVE-2024-42080

creationtimestamp| type| source
---|---|---
2024-07-29 18:48:24+00:00| seen| https://t.me/cvedetector/1872
2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVSS 5.5 · AI score 6.3 · EPSS 0.0023
Exploits: 0 · References: 2

Circl
added 2024/07/29 5:58 p.m. · 6 views

CVE-2024-41073

creationtimestamp| type| source
---|---|---
2024-07-29 17:58:09+00:00| seen| https://t.me/cvedetector/1864
2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
2026-05-07 14:35:10+00:00| seen|...

CVSS 7.8 · AI score 6.7 · EPSS 0.00246
Exploits: 0 · References: 4

Circl
added 2024/07/29 5:58 p.m. · 0 views

CVE-2024-41080

creationtimestamp| type| source
---|---|---
2024-07-29 17:58:07+00:00| seen| https://t.me/cvedetector/1862
2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVSS 5.5 · AI score 6 · EPSS 0.00206
Exploits: 0 · References: 2