Headline
CVE-2022-4619: Sidebar Widgets by CodeLights
The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- Details
- Reviews
- Development
This plugin has been closed as of December 13, 2022 and is not available for download. This closure is temporary, pending a full review.
CodeLights widgets work with Page Builder by SiteOrigin v2.10.11 onward. CodeLights widgets are not working with SiteOrigin Page Builder version 2.10.0 – 2.10.10
For those who face difficulties after updating SO-Page-Builder: Make use of the Plugin "WP Rollback". After rolling back Page Builder (for example to version 2.9.5) …everything works fine again! Cheers & Thank you for your excellent work!
hello, this plugin very good but not work in new version of siteorigin.
After the last update of the SiteOrigin Page Builder but unfortunately without function. And from CodeLight since days no reaction…
You can do so much with this bundle to easily create a great user experience. Keep up the great work!
Read all 35 reviews
“Sidebar Widgets by CodeLights” is open source software. The following people have contributed to this plugin.
Contributors
- Ruslan Suhar