2 matches found
WordPress Page Builder by SiteOrigin Plugin <= 2.29.6 is vulnerable to Cross Site Scripting (XSS)
Software Page Builder by SiteOrigin Type Plugin Vulnerable versions = 2.29.6 Fixed in 2.29.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2202 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92274a8f9656 Credits Webbernaut...
CVE-2024-2202
CVE-2024-2202 affects Page Builder by SiteOrigin for WordPress. It is a Stored XSS via the legacy Image widget in all versions up to 2.29.6, exploitable by authenticated users with contributor+ access to inject scripts executed when users view the affected pages. A fix exists in 2.29.7; update to...