Siteorigin Siteorigin Widgets Bundle — known CVE vulnerabilities
Every CVE whose affected-product data names Siteorigin Siteorigin Widgets Bundle, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-6295 — CVSS 7.2 (high): The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to…
CVE-2024-0961 — CVSS 6.4 (medium): The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to…
CVE-2024-1058 — CVSS 6.4 (medium): The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions…
CVE-2024-1070 — CVSS 6.4 (medium): The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions…
CVE-2024-1723 — CVSS 6.4 (medium): The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up…
CVE-2024-4362 — CVSS 6.4 (medium): The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget'…
CVE-2024-5090 — CVSS 6.4 (medium): The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in…
CVE-2024-5901 — CVSS 6.4 (medium): The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions…
CVE-2025-5585 — CVSS 6.4 (medium): The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-url` DOM Element Attribute in…