Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
siteorigin vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0961
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with co...
Siteorigin Siteorigin Widgets Bundle
NA
CVE-2023-6295
The SiteOrigin Widgets Bundle WordPress plugin prior to 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.
Siteorigin Siteorigin Widgets Bundle
6.8
CVSSv2
CVE-2020-13642
An issue exists in the SiteOrigin Page Builder plugin prior to 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious Java...
Siteorigin Page Builder
6.8
CVSSv2
CVE-2020-13643
An issue exists in the SiteOrigin Page Builder plugin prior to 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious Java...
Siteorigin Page Builder
NA
CVE-2024-1070
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, ...
NA
CVE-2024-2202
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
NA
CVE-2024-1058
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers wi...
NA
CVE-2024-1723
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started