CVE-2024-5090
SiteOrigin Widgets Bundle <= 1.61.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog WidgetThe SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 38,685 live websites that are affected by CVE-2024-5090.
Affected Software
| Product |  So Widgets Bundle |
| Category | Wordpress Plugins |
| Vulnerable Domains | 38,685 live websites (44.94% of So Widgets Bundle install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 193 versions ( 84.65% of all versions) |
Details
- Published - Jun 11, 2024
- Updated - Aug 1, 2024
Credits
- Ngô Thiên An (finder)
CVE References
CVE-2024-5090 usage by Country
 United States | 8,813 websites |
 Germany | 5,386 websites |
 France | 2,844 websites |
 Japan | 1,993 websites |
 GB | 1,843 websites |
 Netherlands | 1,662 websites |
 Poland | 1,565 websites |
 Russia | 1,413 websites |
 Italy | 1,101 websites |
 Spain | 946 websites |
CVE-2024-5090 usage by TLD
| .com | 13,681 websites |
| .de | 2,972 websites |
| .nl | 1,644 websites |
| .org | 1,590 websites |
| .co.uk | 1,363 websites |
| .pl | 1,243 websites |
| .ru | 1,146 websites |
| .fr | 1,111 websites |
| .it | 865 websites |
| .net | 810 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-5090
Top websites that are affected by CVE-2024-5090. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.*************.com | United States | *,*** | |
| ****.***.tr |  Turkey | **,*** | |
| *************.com | United States | **,*** | |
| *****************.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *********.org | United States | **,*** | |
| ******.org | United States | **,*** | |
| *********.com |  Indonesia | **,*** | |
| ****.**.th |  Thailand | **,*** | |
| ***.it | France | **,*** |
FAQ
A total of 38,685 websites have been identified as vulnerable to CVE-2024-5090, discovered through global website indexing conducted by WebTechSurvey.
So Widgets Bundle is susceptible to CVE-2024-5090 vulnerability.
So Widgets Bundle versions before, and including, 1.61.1 are vulnerable to CVE-2024-5090.