cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5901,https://securityvulnerability.io/vulnerability/CVE-2024-5901,SiteOrigin Widgets Bundle <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Siteorigin Widgets Bundle,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-30T20:30:04.912Z,0
CVE-2024-5090,https://securityvulnerability.io/vulnerability/CVE-2024-5090,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Siteorigin Widgets Bundle,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-11T02:01:54.264Z,0
CVE-2024-4362,https://securityvulnerability.io/vulnerability/CVE-2024-4362,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Siteorigin Widgets Bundle,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T08:31:22.880Z,0
CVE-2024-1723,https://securityvulnerability.io/vulnerability/CVE-2024-1723,Stored Cross-Site Scripting Vulnerability Affects SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, $feature['icon'].",Wordpress,Siteorigin Widgets Bundle,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:21.210Z,0
CVE-2024-1070,https://securityvulnerability.io/vulnerability/CVE-2024-1070,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,SiteOrigin Widgets Bundle,5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1058,https://securityvulnerability.io/vulnerability/CVE-2024-1058,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 1.58.3 offers a partial fix.",Wordpress,SiteOrigin Widgets Bundle,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-0961,https://securityvulnerability.io/vulnerability/CVE-2024-0961,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,SiteOrigin Widgets Bundle,5.4,MEDIUM,0.0005600000149570405,false,,false,false,false,,false,false,2024-02-05T21:21:48.120Z,0
CVE-2023-6295,https://securityvulnerability.io/vulnerability/CVE-2023-6295,so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion,"The SiteOrigin Widgets Bundle plugin for WordPress prior to version 1.51.0 contains a vulnerability due to inadequate validation of user input. This oversight permits users with administrator privileges on Multisite installations to exploit Local File Inclusion (LFI) attacks. Consequently, attackers may manipulate paths fed to the include functions, potentially leading to unauthorized access to sensitive files on the server.",Wordpress,SiteOrigin Widgets Bundle,7.2,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2023-12-18T20:15:00.000Z,0