10 matches found
CVE-2024-1058
The CVE-2024-1058 entry concerns the WordPress SiteOrigin Widgets Bundle plugin. Affected component: the onclick parameter, with stored cross-site scripting (XSS) via input sanitization/escaping in versions up to 1.58.3. Exploitation requires attacker credentials at Contributor level or higher; i...
CVE-2024-1723
The CVE-2024-1723 entry concerns SiteOrigin Widgets Bundle for WordPress (vulnerable through 1.58.7) with Stored XSS via multiple parameters. Affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, and $feature['icon']; exploitation requires auth...
CVE-2024-1070
CVE-2024-1070 concerns the SiteOrigin Widgets Bundle plugin for WordPress. It describes a Stored XSS via the features attribute in all versions up to 1.58.2 caused by insufficient input sanitization and output escaping. The vulnerability permits authenticated attackers with contributor+ privilege...
CVE-2023-6295
CVE-2023-6295 affects the SiteOrigin Widgets Bundle on WordPress, specifically versions
CVE-2024-5901
CVE-2024-5901 affects SiteOrigin Widgets Bundle (WordPress) up to version 1.62.2. It is a Stored Cross-Site Scripting vulnerability in the Image Grid widget caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least contributor-level ...
CVE-2024-4362
CVE-2024-4362 affects SiteOrigin Widgets Bundle for WordPress. It is a Stored XSS via the plugin’s siteorigin_widget shortcode, in all versions up to and including 1.60.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability can be exploited...
CVE-2024-54268
CVE-2024-54268 : A Missing Authorization vulnerability in SiteOrigin Widgets Bundle (WordPress plugin) affects versions up to 1.64.0. The root cause is an incorrectly configured access control security level, enabling broken access control. Public sources (Patchstack, Red Hat, CVE listings) descr...
CVE-2024-5090
CVE-2024-5090: SiteOrigin Widgets Bundle (WordPress)
CVE-2024-0961
CVE-2024-0961 : The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to 1.58.1 due to insufficient input sanitization and output escaping. The issue allows authenticated attackers with contributor+ privileges to inj...
CVE-2025-5585
The CVE-2025-5585 entry concerns the SiteOrigin Widgets Bundle plugin for WordPress. A Stored Cross-Site Scripting flaw exists in all versions up to 1.68.4 (and discussed variants up to 1.68.5 in related advisories) due to insufficient input sanitization and output escaping, specifically via the ...