33 matches found
CVE-2026-13295
The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...
EUVD-2026-39955
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-53056
Name of the Vulnerable Software and Affected Versions Page Builder by SiteOrigin versions prior to 2.34.4 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary...
CVE-2026-2448
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...
EUVD-2026-9273
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...
CVE-2026-2448 Page Builder by SiteOrigin <= 2.33.5 - Authenticated (Contributor+) Local File Inclusion
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...
CVE-2026-2448
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...
CVE-2026-2448
CVE-2026-2448 refers to the WordPress plugin Page Builder by SiteOrigin (all versions up to 2.33.5) exposing a Local File Inclusion vulnerability via locate_template(). Exploitation requires authenticated access at Contributor level or higher , enabling arbitrary PHP code execution on the server ...
PT-2026-22713
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
EUVD-2020-5884
Malware in sbrugna...
EUVD-2020-5885
Malware in sbrugna...
CVE-2025-1459
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Embedded VideoPB widget in all versions up to, and including, 2.31.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2020-13643
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The liveeditorpanelsdata $POST variable allows for malicious JavaScript to be...
CVE-2020-13642
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The actionbuildercontent function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panelsdata $POST variable allows for malicious JavaScript to be...
CVE-2024-12240
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-1789 · Siteorigin · The Page Builder By Siteorigin
Name of the Vulnerable Software and Affected Versions: The Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.31.0 Description: The issue is related to Stored Cross-Site Scripting via the row label parameter due to insufficient input sanitization and output escaping...
WordPress Page Builder by SiteOrigin plugin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Row Label Parameter vulnerability discovered by zer0gh0st in WordPress Plugin Page Builder by SiteOrigin versions = 2.31.0...
CVE-2024-4361
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
PT-2024-30604 · Siteorigin · The Page Builder By Siteorigin
Name of the Vulnerable Software and Affected Versions: Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.29.15 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'siteorigin widget' shortcode due to insufficient input sanitization and...
CVE-2024-2202
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...