3 matches found
CVE-2024-1058
The CVE-2024-1058 entry concerns the WordPress SiteOrigin Widgets Bundle plugin. Affected component: the onclick parameter, with stored cross-site scripting (XSS) via input sanitization/escaping in versions up to 1.58.3. Exploitation requires attacker credentials at Contributor level or higher; i...
CVE-2024-1058 SiteOrigin Widgets Bundle <= 1.58.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
WordPress SiteOrigin Widgets Bundle Plugin <= 1.58.3 is vulnerable to Cross Site Scripting (XSS)
Software SiteOrigin Widgets Bundle Type Plugin Vulnerable versions = 1.58.3 Fixed in 1.58.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1058 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f6e686205585 Credits wesley wcraf...