Siteorigin

Siteorigin Widgets Bundle

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-5585

  • EPSS 0.03%
  • Veröffentlicht 25.06.2025 02:22:07
  • Zuletzt bearbeitet 08.07.2025 14:54:51

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-url` DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This mak...

8.8

CVE-2024-54268

  • EPSS 0.57%
  • Veröffentlicht 13.12.2024 15:15:31
  • Zuletzt bearbeitet 12.03.2025 17:48:01

Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0.

5.4

CVE-2024-5901

  • EPSS 0.23%
  • Veröffentlicht 30.07.2024 21:15:09
  • Zuletzt bearbeitet 13.03.2025 14:09:27

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attribu...

5.4

CVE-2024-5090

  • EPSS 0.41%
  • Veröffentlicht 11.06.2024 03:15:12
  • Zuletzt bearbeitet 24.03.2025 13:29:44

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user su...

5.4

CVE-2024-4362

  • EPSS 0.5%
  • Veröffentlicht 22.05.2024 09:15:12
  • Zuletzt bearbeitet 24.03.2025 12:47:20

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on ...

5.4

CVE-2024-1723

  • EPSS 0.23%
  • Veröffentlicht 13.03.2024 16:15:26
  • Zuletzt bearbeitet 13.03.2025 00:59:26

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4

CVE-2024-1070

  • EPSS 0.2%
  • Veröffentlicht 29.02.2024 01:43:39
  • Zuletzt bearbeitet 19.01.2025 02:47:09

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible...

5.4

CVE-2024-1058

  • EPSS 0.22%
  • Veröffentlicht 29.02.2024 01:43:38
  • Zuletzt bearbeitet 19.01.2025 02:44:46

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible ...

5.4

CVE-2024-0961

  • EPSS 0.23%
  • Veröffentlicht 05.02.2024 22:16:06
  • Zuletzt bearbeitet 21.11.2024 08:47:53

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for au...

7.2

CVE-2023-6295

Exploit
  • EPSS 0.35%
  • Veröffentlicht 18.12.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:43:33

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite Wo...