Lucene search
K

86 matches found

Patchstack
Patchstack
added 2025/06/24 9:31 p.m.6 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data-url DOM Element Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.68.5...

6.4CVSS5.5AI score0.00165EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.9 views

CVE-2024-1070

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

6.4CVSS5.9AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:2 a.m.3 views

CVE-2024-4362

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS6AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:59 a.m.26 views

CVE-2024-5901

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:47 a.m.4 views

CVE-2024-5090

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.6 views

CVE-2024-1723

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

6.4CVSS5.8AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.5 views

CVE-2024-1058

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

6.4CVSS4.9AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:11 a.m.11 views

CVE-2024-54268

Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...

8.8CVSS7.2AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:24 a.m.10 views

CVE-2024-0961

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access ...

6.4CVSS6AI score0.00531EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 3:15 p.m.11 views

CVE-2024-54268

Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...

8.8CVSS0.00581EPSS
Exploits0References1
OSV
OSV
added 2024/12/13 3:15 p.m.6 views

CVE-2024-54268

Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0...

8.8CVSS7.1AI score
Exploits0References1
CVE
CVE
added 2024/12/13 2:24 p.m.57 views

CVE-2024-54268

CVE-2024-54268 : A Missing Authorization vulnerability in SiteOrigin Widgets Bundle (WordPress plugin) affects versions up to 1.64.0. The root cause is an incorrectly configured access control security level, enabling broken access control. Public sources (Patchstack, Red Hat, CVE listings) descr...

8.8CVSS7.2AI score0.00581EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/12/13 2:24 p.m.18 views

CVE-2024-54268 WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...

4.3CVSS0.00581EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/13 2:24 p.m.9 views

CVE-2024-54268 WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0...

4.3CVSS7.2AI score0.00581EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.2 views

WordPress plugin SiteOrigin Widgets Bundle 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS8.4AI score0.00581EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/10 2:11 p.m.4 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.64.0...

8.8CVSS7AI score0.00581EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/07/30 9:15 p.m.56 views

CVE-2024-5901

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00371EPSS
Exploits0References3
CVE
CVE
added 2024/07/30 8:30 p.m.63 views

CVE-2024-5901

CVE-2024-5901 affects SiteOrigin Widgets Bundle (WordPress) up to version 1.62.2. It is a Stored Cross-Site Scripting vulnerability in the Image Grid widget caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least contributor-level ...

6.4CVSS5.7AI score0.00371EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/07/30 8:30 p.m.10 views

CVE-2024-5901 SiteOrigin Widgets Bundle <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00371EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/07/30 10:54 a.m.4 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting in Image Grid widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.62.2...

6.4CVSS5.7AI score0.00371EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder