I have been playing around with Siteorigin and found that the text editor allows script tags which in most case is a vulnerability. the scripts is also not stripped off in WP main editor as well. !
Version 2.6.0
widget 1.11.2
Theme vantage
After reading through the forum it seems siteorigin allowed it intentionally but what kind of security has been done ? .
Hi Raja,
Only users with the correct permission (specifically unfiltered_html) are able to add script tags via WordPress (regardless of SiteOrigin Page Builder or not). This is a standard WordPress capability and should only be given to users who need such permissions (which are typically admin users).