Lucene search
WpvulndbWPVDB-ID:1828C517-8C85-4737-8B75-C73D45A5FBDFHistoryFeb 12, 2024 - 12:00 a.m.
SiteOrigin Widgets Bundle < 1.58.4 - Contributor+ Stored Cross-Site Scripting
2024-02-1200:00:00
wpscan.com
9
siteorigin widgets
stored cross-site scripting
input sanitization
output escaping
authenticated attackers
Description The plugin is vulnerable to Stored Cross-Site Scripting via the code editor due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to perform Stored XSS attacks
Related
cve
cve
CVE-2024-1058
2024-02-29 01:43:38
prion
prion
Cross site scripting
2024-02-29 01:43:00
nvd
nvd
CVE-2024-1058
2024-02-29 01:43:38
vulnrichment
vulnrichment
CVE-2024-1058
2024-02-20 18:56:52
cvelist
cvelist
CVE-2024-1058
2024-02-20 18:56:52
wordfence
wordfence
AI Score
5.5
Confidence
High
EPSS
0
Percentile
15.5%
Related for WPVDB-ID:1828C517-8C85-4737-8B75-C73D45A5FBDF