Vulnerabilities > Siteorigin > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-29 CVE-2024-1058 Cross-site Scripting vulnerability in Siteorigin Widgets Bundle
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping.
network
low complexity
siteorigin CWE-79
5.4
5.4
2024-02-29 CVE-2024-1070 Cross-site Scripting vulnerability in Siteorigin Widgets Bundle
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping.
network
low complexity
siteorigin CWE-79
5.4
5.4
2024-02-05 CVE-2024-0961 Cross-site Scripting vulnerability in Siteorigin Widgets Bundle
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping.
network
low complexity
siteorigin CWE-79
5.4
5.4