5 matches found
CVE-2026-42643
The CVE concerns the StellarWP WordPress Image Widget (image-widget) plugin, affected up to version 4.4.11. Root cause: improper neutralization of input during web page generation, leading to a Stored Cross-Site Scripting (XSS) vulnerability. Impact, per the provided data, is an XSS condition wit...
CVE-2026-42643 WordPress Image Widget plugin <= 4.4.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS. This issue affects Image Widget: from n/a through <= 4.4.11...
CVE-2024-10939
The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Image Widget plugin < 4.4.11 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Image Widget versions 4.4.11...
CVE-2024-10939 Image Widget < 4.4.11 - Admin+ Stored XSS
The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...