Vulnerabilities > Siteorigin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-13 | CVE-2024-54268 | Unspecified vulnerability in Siteorigin Widgets Bundle Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0. | 8.8 |
| 2024-07-30 | CVE-2024-5901 | Cross-site Scripting vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-11 | CVE-2024-5090 | Cross-site Scripting vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-22 | CVE-2024-4362 | Cross-site Scripting vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-23 | CVE-2024-2202 | Cross-site Scripting vulnerability in Siteorigin Page Builder The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-13 | CVE-2024-1723 | Cross-site Scripting vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-02-29 | CVE-2024-1058 | Cross-site Scripting vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-02-29 | CVE-2024-1070 | Cross-site Scripting vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-02-05 | CVE-2024-0961 | Cross-site Scripting vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-12-18 | CVE-2023-6295 | Unspecified vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. | 7.2 |