Lucene search
K

33 matches found

CVE
CVE
added 2026/06/27 6:50 a.m.15 views

CVE-2026-13295

The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...

6.4CVSS6AI score0.00241EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39955

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00241EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53056

Name of the Vulnerable Software and Affected Versions Page Builder by SiteOrigin versions prior to 2.34.4 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.5 views

CVE-2026-2448

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

8.8CVSS6.5AI score0.00888EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 1:21 a.m.7 views

EUVD-2026-9273

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

8.8CVSS6.5AI score0.00888EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/03 1:21 a.m.2 views

CVE-2026-2448 Page Builder by SiteOrigin <= 2.33.5 - Authenticated (Contributor+) Local File Inclusion

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

8.8CVSS6.5AI score0.00888EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/03 1:21 a.m.6 views

CVE-2026-2448

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

8.8CVSS6.5AI score0.00888EPSS
Exploits0References3
CVE
CVE
added 2026/03/03 1:21 a.m.17 views

CVE-2026-2448

CVE-2026-2448 refers to the WordPress plugin Page Builder by SiteOrigin (all versions up to 2.33.5) exposing a Local File Inclusion vulnerability via locate_template(). Exploitation requires authenticated access at Contributor level or higher , enabling arbitrary PHP code execution on the server ...

8.8CVSS6.5AI score0.00888EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.9 views

PT-2026-22713

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

8.8CVSS6.5AI score0.00888EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5884

Malware in sbrugna...

8.8CVSS8.6AI score0.00809EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-5885

Malware in sbrugna...

8.8CVSS8.6AI score0.00809EPSS
Exploits2References3
OSV
OSV
added 2025/03/01 7:15 a.m.4 views

CVE-2025-1459

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Embedded VideoPB widget in all versions up to, and including, 2.31.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 1:46 p.m.9 views

CVE-2020-13643

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The liveeditorpanelsdata $POST variable allows for malicious JavaScript to be...

8.8CVSS6.6AI score0.00809EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/02/05 1:42 p.m.22 views

CVE-2020-13642

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The actionbuildercontent function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panelsdata $POST variable allows for malicious JavaScript to be...

8.8CVSS6.6AI score0.00809EPSS
Exploits2
OSV
OSV
added 2025/01/14 11:15 a.m.3 views

CVE-2024-12240

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.3 views

PT-2025-1789 · Siteorigin · The Page Builder By Siteorigin

Name of the Vulnerable Software and Affected Versions: The Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.31.0 Description: The issue is related to Stored Cross-Site Scripting via the row label parameter due to insufficient input sanitization and output escaping...

6.4CVSS7.9AI score0.00321EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/01/13 10:1 p.m.4 views

WordPress Page Builder by SiteOrigin plugin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Row Label Parameter vulnerability discovered by zer0gh0st in WordPress Plugin Page Builder by SiteOrigin versions = 2.31.0...

6.4CVSS5.5AI score0.00321EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/21 11:15 a.m.4 views

CVE-2024-4361

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

5.4CVSS5.9AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/21 12:0 a.m.5 views

PT-2024-30604 · Siteorigin · The Page Builder By Siteorigin

Name of the Vulnerable Software and Affected Versions: Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.29.15 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'siteorigin widget' shortcode due to insufficient input sanitization and...

6.4CVSS6.2AI score0.00357EPSS
Exploits0References10
OSV
OSV
added 2024/03/23 3:15 a.m.3 views

CVE-2024-2202

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.0043EPSS
Exploits0References3
Rows per page
Query Builder