VYPR

Page Builder By Siteorigin

by WordPress

CVEs (6)

  • CVE-2024-2202MedMar 23, 2024
    risk 0.42cvss 6.4epss 0.00

    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-4361MedMay 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2025-1459Mar 1, 2025
    risk 0.00cvss epss 0.00

    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Embedded Video(PB) widget in all versions up to, and including, 2.31.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-12240Jan 14, 2025
    risk 0.00cvss epss 0.00

    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2020-13642May 28, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for…

  • CVE-2020-13643May 28, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for…