PT-2026-22713 · WordPress · The Page Builder By Siteorigin
Suyoung Kim
·
Published
2026-03-03
·
Updated
2026-03-03
·
CVE-2026-2448
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Page Builder by SiteOrigin versions prior to 2.33.5
Description
The Page Builder by SiteOrigin plugin for WordPress is susceptible to a Local File Inclusion issue. This allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server. The
locate template() function is the point of entry for this issue. Successful exploitation can lead to bypassing access controls, obtaining sensitive data, or achieving code execution through the inclusion of files, potentially including uploaded images and other file types.Recommendations
Update Page Builder by SiteOrigin to version 2.33.5 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Page Builder By Siteorigin