CVE-2026-2127

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

CVE-2026-2127

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

CVE-2026-2127

CVE-2026-2127 describes an authenticated arbitrary shortcode execution flaw in the WordPress plugin SiteOrigin Widgets Bundle (versions

WordPress plugin SiteOrigin Widgets Bundle 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2024-52393

Malicious code in bioql PyPI...

EUVD-2024-46347

Malicious code in bioql PyPI...

EUVD-2024-16845

Malicious code in bioql PyPI...

EUVD-2024-16739

Malicious code in bioql PyPI...

CVE-2025-5585

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5585

The CVE-2025-5585 entry concerns the SiteOrigin Widgets Bundle plugin for WordPress. A Stored Cross-Site Scripting flaw exists in all versions up to 1.68.4 (and discussed variants up to 1.68.5 in related advisories) due to insufficient input sanitization and output escaping, specifically via the ...

CVE-2025-5585 SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5585 SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2025-26806 · WordPress · Siteorigin Widgets Bundle

Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle plugin for WordPress versions up to and including 1.68.4 Description: The issue is related to Stored Cross-Site Scripting via the data-url DOM Element Attribute. This occurs due to insufficient input sanitization and...

WordPress SiteOrigin Widgets Bundle plugin <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data-url DOM Element Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.68.5...

CVE-2024-1070

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

CVE-2024-4362

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-5901

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-1723

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

CVE-2024-54268

Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...

CVE-2024-0961

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access ...