cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5901,https://securityvulnerability.io/vulnerability/CVE-2024-5901,SiteOrigin Widgets Bundle <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Siteorigin Widgets Bundle,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-30T20:30:04.912Z,0
CVE-2024-4970,https://securityvulnerability.io/vulnerability/CVE-2024-4970,Unfiltered HTML Settings Vulnerability in Widget Bundle WordPress Plugin,"The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Widget Bundle,4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-06-21T06:00:05.870Z,0
CVE-2024-4969,https://securityvulnerability.io/vulnerability/CVE-2024-4969,CSRF Vulnerability in Widget Bundle WordPress Plugin,"The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack",Wordpress,Widget Bundle,4.3,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-06-21T06:00:05.590Z,0
CVE-2024-4616,https://securityvulnerability.io/vulnerability/CVE-2024-4616,Cross-Site Scripting Vulnerability in Widget Bundle WordPress Plugin,"The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users",Wordpress,Widget Bundle,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-06-21T06:00:05.195Z,0
CVE-2024-5090,https://securityvulnerability.io/vulnerability/CVE-2024-5090,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Siteorigin Widgets Bundle,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-11T02:01:54.264Z,0
CVE-2024-4362,https://securityvulnerability.io/vulnerability/CVE-2024-4362,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Siteorigin Widgets Bundle,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T08:31:22.880Z,0
CVE-2024-1723,https://securityvulnerability.io/vulnerability/CVE-2024-1723,Stored Cross-Site Scripting Vulnerability Affects SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, $feature['icon'].",Wordpress,Siteorigin Widgets Bundle,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:21.210Z,0
CVE-2024-1070,https://securityvulnerability.io/vulnerability/CVE-2024-1070,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,SiteOrigin Widgets Bundle,5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1058,https://securityvulnerability.io/vulnerability/CVE-2024-1058,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 1.58.3 offers a partial fix.",Wordpress,SiteOrigin Widgets Bundle,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-0961,https://securityvulnerability.io/vulnerability/CVE-2024-0961,Stored Cross-Site Scripting Vulnerability in SiteOrigin Widgets Bundle Plugin,"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,SiteOrigin Widgets Bundle,5.4,MEDIUM,0.0005600000149570405,false,,false,false,false,,false,false,2024-02-05T21:21:48.120Z,0
CVE-2023-6295,https://securityvulnerability.io/vulnerability/CVE-2023-6295,so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion,"The SiteOrigin Widgets Bundle plugin for WordPress prior to version 1.51.0 contains a vulnerability due to inadequate validation of user input. This oversight permits users with administrator privileges on Multisite installations to exploit Local File Inclusion (LFI) attacks. Consequently, attackers may manipulate paths fed to the include functions, potentially leading to unauthorized access to sensitive files on the server.",Wordpress,SiteOrigin Widgets Bundle,7.2,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2023-12-18T20:15:00.000Z,0