Lucene search
K

6 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-13295

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00241EPSS
Exploits0References10
CVE
CVE
added 5 days ago14 views

CVE-2026-13295

The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...

6.4CVSS6AI score0.00241EPSS
Exploits0References10
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-39955

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00241EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-53056

Name of the Vulnerable Software and Affected Versions Page Builder by SiteOrigin versions prior to 2.34.4 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References15
OSV
OSV
added 2020/05/28 4:15 a.m.6 views

CVE-2020-13642

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The actionbuildercontent function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panelsdata $POST variable allows for malicious JavaScript to be...

8.8CVSS7.3AI score0.00809EPSS
Exploits2References2
CNVD
CNVD
added 2020/05/28 12:0 a.m.1 views

WordPress SiteOrigin Page Builder Cross-Site Request Forgery Vulnerability (CNVD-2020-31282)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.SiteOrigin Page Builder is a page builder plugin used in it. A cross-site request forgery vulnerability exists in...

8.8CVSS6.9AI score0.00809EPSS
Exploits2References1
Rows per page
Query Builder