CVE-2024-0961
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 34,105 live websites that are affected by CVE-2024-0961.
Affected Software
| Product |  So Widgets Bundle |
| Category | Wordpress Plugins |
| Vulnerable Domains | 34,105 live websites (39.62% of So Widgets Bundle install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 178 versions ( 78.07% of all versions) |
Details
- Published - Feb 5, 2024
- Updated - Aug 1, 2024
Credits
- Craig Smith (finder)
CVE References
CVE-2024-0961 usage by Country
 United States | 7,703 websites |
 Germany | 4,618 websites |
 France | 2,518 websites |
 Japan | 1,841 websites |
 GB | 1,580 websites |
 Netherlands | 1,453 websites |
 Poland | 1,415 websites |
 Russia | 1,314 websites |
 Italy | 982 websites |
 Spain | 833 websites |
CVE-2024-0961 usage by TLD
| .com | 12,085 websites |
| .de | 2,516 websites |
| .nl | 1,432 websites |
| .org | 1,366 websites |
| .co.uk | 1,173 websites |
| .pl | 1,129 websites |
| .ru | 1,068 websites |
| .fr | 983 websites |
| .it | 764 websites |
| .net | 728 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-0961
Top websites that are affected by CVE-2024-0961. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.***.tr |  Turkey | **,*** | |
| *************.com | United States | **,*** | |
| *****************.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *********.org | United States | **,*** | |
| ******.org | United States | **,*** | |
| *********.com |  Indonesia | **,*** | |
| ****.**.th |  Thailand | **,*** | |
| ***.it | France | **,*** | |
| ***.org | United States | **,*** |
FAQ
A total of 34,105 websites have been identified as vulnerable to CVE-2024-0961, discovered through global website indexing conducted by WebTechSurvey.
So Widgets Bundle is susceptible to CVE-2024-0961 vulnerability.
So Widgets Bundle versions before, and including, 1.58.1 are vulnerable to CVE-2024-0961.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve
- https://plugins.trac.wordpress.org/browser/so-widgets-bundle/trunk/widgets/button/button.php#L355
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=