Siteorigin Siteorigin_widgets_bundle
10 CVEs affecting Siteorigin Siteorigin_widgets_bundle. Latest disclosed: 2025-06-25. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-6295 | High | 7.2 | 2023-12-18 | The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allow… |
CVE-2025-5585 | Medium | 6.4 | 2025-06-25 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-url` DOM Element Attribute in all versions up to… |
CVE-2024-5901 | Medium | 6.4 | 2024-07-30 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including… |
CVE-2024-5090 | Medium | 6.4 | 2024-06-11 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to… |
CVE-2024-4362 | Medium | 6.4 | 2024-05-22 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions… |
CVE-2024-1723 | Medium | 6.4 | 2024-03-13 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1… |
CVE-2024-1070 | Medium | 6.4 | 2024-02-29 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including… |
CVE-2024-1058 | Medium | 6.4 | 2024-02-29 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including… |
CVE-2024-0961 | Medium | 6.4 | 2024-02-05 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58… |
CVE-2024-54268 | Medium | 4.3 | 2024-12-13 | Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Se… |