Lucene search
K

86 matches found

CVE
CVE
added 2023/12/18 8:8 p.m.70 views

CVE-2023-6295

CVE-2023-6295 affects the SiteOrigin Widgets Bundle on WordPress, specifically versions

7.2CVSS7AI score0.01034EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/12/18 8:8 p.m.31 views

CVE-2023-6295 so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...

7.1AI score0.01034EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/12/18 12:0 a.m.4 views

WordPress Plugin SiteOrigin Widgets Bundle Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

7.2CVSS6.7AI score0.01034EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.6 views

PT-2023-32595 · WordPress · Siteorigin Widgets Bundle

Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle WordPress plugin versions prior to 1.51.0 Description: The issue allows users with the administrator role to perform Local File Inclusion LFI attacks in the context of Multisite WordPress sites. This is due to the...

7.2CVSS7.4AI score0.01034EPSS
Exploits2References10
Patchstack
Patchstack
added 2023/11/29 12:0 a.m.16 views

WordPress SiteOrigin Widgets Bundle Plugin <= 1.50.1 is vulnerable to Local File Inclusion

Software SiteOrigin Widgets Bundle Type Plugin Vulnerable versions = 1.50.1 Fixed in 1.51.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-6295 Patch priority Low CVSS severity Low 7.4 Developer Claim ownership PSID d65c4e36bd60 Credits Sebastian Neef Required privile...

7.2CVSS6.8AI score0.01034EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2023/11/27 12:0 a.m.166 views

so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

Description The plugin does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. 1. Create a multi-site wordpress setup, i.e. using docker-containers,...

7.2CVSS8.7AI score0.01034EPSS
Exploits2
Rows per page
Query Builder