Siteorigin - Siteorigin Widgets Bundle CVE

Filtered by vendor Siteorigin Subscribe

Filtered by product Siteorigin Widgets Bundle

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-6295	1 Siteorigin	1 Siteorigin Widgets Bundle	2023-12-21	N/A	7.2 HIGH
The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.

Vulnerabilities (CVE)