Lucene search
+L
SiteoriginSiteorigin Widgets Bundle

10 matches found

CVE
CVE
added 2024/02/20 6:56 p.m.106 views

CVE-2024-1058

The CVE-2024-1058 entry concerns the WordPress SiteOrigin Widgets Bundle plugin. Affected component: the onclick parameter, with stored cross-site scripting (XSS) via input sanitization/escaping in versions up to 1.58.3. Exploitation requires attacker credentials at Contributor level or higher; i...

6.4CVSS6AI score0.00439EPSS
CVE
CVE
added 2024/03/13 3:27 p.m.82 views

CVE-2024-1723

The CVE-2024-1723 entry concerns SiteOrigin Widgets Bundle for WordPress (vulnerable through 1.58.7) with Stored XSS via multiple parameters. Affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, and $feature['icon']; exploitation requires auth...

6.4CVSS6.1AI score0.00501EPSS
CVE
CVE
added 2024/02/20 6:56 p.m.77 views

CVE-2024-1070

CVE-2024-1070 concerns the SiteOrigin Widgets Bundle plugin for WordPress. It describes a Stored XSS via the features attribute in all versions up to 1.58.2 caused by insufficient input sanitization and output escaping. The vulnerability permits authenticated attackers with contributor+ privilege...

6.4CVSS6.1AI score0.00531EPSS
CVE
CVE
added 2023/12/18 8:8 p.m.72 views

CVE-2023-6295

CVE-2023-6295 affects the SiteOrigin Widgets Bundle on WordPress, specifically versions

7.2CVSS7AI score0.01034EPSS
Web
CVE
CVE
added 2024/07/30 8:30 p.m.65 views

CVE-2024-5901

CVE-2024-5901 affects SiteOrigin Widgets Bundle (WordPress) up to version 1.62.2. It is a Stored Cross-Site Scripting vulnerability in the Image Grid widget caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least contributor-level ...

6.4CVSS5.7AI score0.00393EPSS
CVE
CVE
added 2024/05/22 8:31 a.m.60 views

CVE-2024-4362

CVE-2024-4362 affects SiteOrigin Widgets Bundle for WordPress. It is a Stored XSS via the plugin’s siteorigin_widget shortcode, in all versions up to and including 1.60.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability can be exploited...

6.4CVSS5.9AI score0.00364EPSS
CVE
CVE
added 2024/12/13 2:24 p.m.59 views

CVE-2024-54268

CVE-2024-54268 : A Missing Authorization vulnerability in SiteOrigin Widgets Bundle (WordPress plugin) affects versions up to 1.64.0. The root cause is an incorrectly configured access control security level, enabling broken access control. Public sources (Patchstack, Red Hat, CVE listings) descr...

8.8CVSS7.2AI score0.00592EPSS
CVE
CVE
added 2024/06/11 2:1 a.m.58 views

CVE-2024-5090

CVE-2024-5090: SiteOrigin Widgets Bundle (WordPress)

6.4CVSS5.9AI score0.00298EPSS
CVE
CVE
added 2024/02/05 9:21 p.m.56 views

CVE-2024-0961

CVE-2024-0961 : The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to 1.58.1 due to insufficient input sanitization and output escaping. The issue allows authenticated attackers with contributor+ privileges to inj...

6.4CVSS5.7AI score0.00531EPSS
CVE
CVE
added 2025/06/25 2:22 a.m.28 views

CVE-2025-5585

The CVE-2025-5585 entry concerns the SiteOrigin Widgets Bundle plugin for WordPress. A Stored Cross-Site Scripting flaw exists in all versions up to 1.68.4 (and discussed variants up to 1.68.5 in related advisories) due to insufficient input sanitization and output escaping, specifically via the ...

6.4CVSS5.9AI score0.00169EPSS