WordPress Widget Bundle Vulnerability Affects 600,000+ Sites 

SiteOrigin WordPress Widget Vulnerability Detected This vulnerability was found in the WordPress SiteOrigin widget, version 1.58.3.

Cross-Site Scripting (XSS) Vulnerability Lets Hackers Upload Malicious Scripts Improper filtration of data on the site can let hackers access your WordPress site if you sue the SiteOrigin widget.

[{"selector":"#anim-5dfe8021-3be1-4b78-b436-315051042ac6 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(0%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}]

Vulnerability Requires Authentication This SiteOrigin widget bug requires contributor level access and authentication to launch malicious scripts.

[{"selector":"#anim-13827d5a-da34-4777-9027-3376740bfd5c [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(0%, 0, 0) translate(25%, 0%) scale(1.5)","translate3d(0%, 0, 0) translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"fill":"forwards"}]

WordFence To The Rescue The WordFence security plugin for WordPress was the first to detect and patch this vulnerability.

[{"selector":"#anim-f197e722-de81-4129-812c-47dfb8fcb868 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(0%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}]

Upgrade SiteOrigin Now! We recommend you update to version 1.58.5 of the SiteOrigin WordPress Widget Bundle.

[{"selector":"#anim-0b8302ec-98ac-437f-a8f8-b0e574c9e1ff [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(0%, 0, 0) translate(25%, 0%) scale(1.5)","translate3d(0%, 0, 0) translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"fill":"forwards"}]