Livemesh SiteOrigin Widgets

Vulnerabilities 8Slug livemesh-siteorigin-widgetsLatest version 3.9.2WordPress.org →

Minimum safe version

3.9.2

Update to 3.9.2 or later to address 8 fixable vulnerabilities

Latest available3.9.2
Medium 6.4
2025-12-13< 3.9.2

Livemesh SiteOrigin Widgets <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets

EUVDWordfenceCVE
Medium 6.3
2024-10-16< 2.8.3

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE
N/A
2023-07-18< 3.3

WordPress Livemesh SiteOrigin Widgets Plugin < 3.3 is vulnerable to Cross Site Scripting (XSS)

PatchstackWPScanCVE
N/A
2019-02-25< 2.5.2

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Wordfence
N/A
2022-03-04< 2.8.3

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence
N/A
< 2.5.2

Freemius Library &lt; 2.2.4 - Subscriber+ Arbitrary Option Update

WPScan
N/A
2022-02-28< 2.8.3

WordPress Livemesh SiteOrigin Widgets plugin <= 2.8.2 - Sensitive Information Disclosure vulnerability

Patchstack
N/A
2022-02-28< 2.8.3

WordPress Livemesh SiteOrigin Widgets plugin <= 2.8.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack