VYPR

Livemesh Siteorigin Widgets

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-3896MedMay 27, 2026
    risk 0.42cvss 6.4epss 0.00

    The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `lsow_admin_ajax` AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies…

  • CVE-2025-8780MedDec 13, 2025
    risk 0.35cvss 6.4epss 0.00

    The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Hero Header and Pricing Table widgets in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user supplied…