Vulnerabilities > Siteorigin > Siteorigin Widgets Bundle > 1.58.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-13 | CVE-2024-54268 | Unspecified vulnerability in Siteorigin Widgets Bundle Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0. | 8.8 |
| 2024-07-30 | CVE-2024-5901 | Cross-site Scripting vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-11 | CVE-2024-5090 | Cross-site Scripting vulnerability in Siteorigin Widgets Bundle The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |