Stored Cross-Site Scripting Vulnerability in Livemesh SiteOrigin Widgets for WordPress
CVE-2025-8780
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 13 December 2025
What is CVE-2025-8780?
The Livemesh SiteOrigin Widgets plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate sanitization and escaping of user-supplied input. Authenticated attackers with contributor-level access or higher can exploit this flaw in the Hero Header and Pricing Table widgets to inject malicious scripts. These scripts will be executed when users visit affected pages, potentially compromising user data and site integrity.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Livemesh SiteOrigin Widgets * <= 3.9.1
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
D.Sim