Lucene search

WpvulndbWPVDB-ID:AD352589-878A-4200-BF09-B838BF3EB90D

HistoryMay 21, 2024 - 12:00 a.m.

Page Builder by SiteOrigin < 2.29.16 - Contributor+ Stored XSS via siteorigin_widget Shortcode

2024-05-2100:00:00

wpscan.com

plugin

vulnerability

stored cross-site scripting

input sanitization

output escaping

authenticated attackers

contributor-level access

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.3%

JSON

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘siteorigin_widget’ shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CPENameOperatorVersion
eq2.29.16

CPE	Name	Operator	Version
		eq	2.29.16

References

www.wordfence.com/threat-intel/vulnerabilities/id/a97f72f6-86f7-45dc-908a-292ba735071d

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.3%

JSON

Related for WPVDB-ID:AD352589-878A-4200-BF09-B838BF3EB90D