CVE-2024-2202
CVSS 3.0 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-2202 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Page Builder by SiteOrigin plugin for WordPress. This issue, present in all versions up to 2.29.6, allows authenticated attackers with contributor-level access or higher to inject malicious scripts into the legacy Image widget. Because the widget lacks proper input sanitization and output escaping, these scripts execute whenever a user accesses an injected page. This vulnerability poses a significant risk, as it can lead to unintended website behavior, data theft, or even complete website takeover. It is strongly recommended that users upgrade to the latest version of the plugin to mitigate this risk.
Affected Products
- Node.js
Affected Vendors
- OpenJS Foundation