86 matches found
WordPress SiteOrigin Widgets Bundle plugin <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via data-url DOM Element Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.68.5...
CVE-2024-1070
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...
CVE-2024-4362
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-5901
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-5090
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-1723
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...
CVE-2024-1058
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
CVE-2024-54268
Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...
CVE-2024-0961
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access ...
CVE-2024-54268
Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...
CVE-2024-54268
Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0...
CVE-2024-54268
CVE-2024-54268 : A Missing Authorization vulnerability in SiteOrigin Widgets Bundle (WordPress plugin) affects versions up to 1.64.0. The root cause is an incorrectly configured access control security level, enabling broken access control. Public sources (Patchstack, Red Hat, CVE listings) descr...
CVE-2024-54268 WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...
CVE-2024-54268 WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0...
WordPress plugin SiteOrigin Widgets Bundle 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.64.0...
CVE-2024-5901
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-5901
CVE-2024-5901 affects SiteOrigin Widgets Bundle (WordPress) up to version 1.62.2. It is a Stored Cross-Site Scripting vulnerability in the Image Grid widget caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least contributor-level ...
CVE-2024-5901 SiteOrigin Widgets Bundle <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress SiteOrigin Widgets Bundle plugin <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting in Image Grid widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.62.2...