49 matches found
CVE-2015-9436
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=termtree prefix or widgetid parameter...
PT-2019-7396 · WordPress · Dynamic Widgets
Name of the Vulnerable Software and Affected Versions: dynamic-widgets plugin versions prior to 1.5.11 Description: The issue concerns a CSRF with resultant XSS. It is exploitable via the "page limit" parameter in the "/wp-admin/themes.php?page=dynwid-config" API endpoint. Recommendations: For...
PT-2019-7395 · WordPress · Dynamic Widgets
Name of the Vulnerable Software and Affected Versions: dynamic-widgets plugin versions prior to 1.5.11 Description: The issue concerns a cross-site scripting XSS problem. It can be exploited via the "action=term tree" prefix or the widget id parameter in the "/wp-admin/admin-ajax.php" API endpoin...
WordPress Dynamic Widgets Plugin <= 1.5.10 - XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Dynamic Widgets <= 1.5.10 - Authenticated Cross-Site Scripting (XSS) & CSRF
The Dynamic Widgets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS & CSRF security vulnerability...
Dynamic Widgets <= 1.5.1 - Cross-Site Scripting (XSS)
The Dynamic Widgets WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
WordPress Dynamic Widgets 1.5.1 Cross Site Scripting
Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...
WordPress Plugin Dynamic Widgets 1.5.1 - themes.php Cross-Site Scripting
WordPress Plugin Dynamic Widgets 1.5.1 - themes.php Cross-Site Scripting source: https://www.securityfocus.com/bid/53513/info Dynamic Widgets plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage...
WordPress Plugin Dynamic Widgets 1.5.1 - 'themes.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53513/info Dynamic Widgets plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...