SiteOrigin Widgets Bundle

Vulnerabilities 12Slug so-widgets-bundleLatest version 1.72.0WordPress.org →

Minimum safe version

1.71.0

Update to 1.71.0 or later to address 12 fixable vulnerabilities

Latest available1.72.0 ✓

N/A

2026-02-17< 1.71.0

SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

Wordfence CVE

Medium 6.4

2025-06-25< 1.69.0

SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute

EUVD Wordfence CVE

Medium 4.3

2024-12-13< 1.64.1

CVE-2024-54268

CVE Wordfence Patchstack

Medium 5.4

2024-07-30< 1.62.3

CVE-2024-5901

CVE Wordfence Patchstack

Medium 5.4

2024-06-11< 1.62.0

CVE-2024-5090

CVE Wordfence Patchstack

Medium 5.4

2024-05-22< 1.61.0

CVE-2024-4362

CVE Patchstack Wordfence

Medium 5.4

2024-03-13< 1.58.8

CVE-2024-1723

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-02-20< 1.58.3

CVE-2024-1070

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-02-20< 1.58.4

CVE-2024-1058

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-02-05< 1.58.2

CVE-2024-0961

CVE Patchstack WPScan

N/A

2024-01-29< 1.58.2

SiteOrigin Widgets Bundle <= 1.58.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence

High 7.2

2023-12-18< 1.51.0

CVE-2023-6295

CVE Patchstack Wordfence WPScan