106 matches found
PT-2024-36753 · Unknown · Marketingfire Widget Options
Name of the Vulnerable Software and Affected Versions: MarketingFire Widget Options versions 4.0.6.1 and earlier Description: The issue is related to a missing authorization vulnerability in MarketingFire Widget Options, which allows exploiting incorrectly configured access control security level...
WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Widget Options versions = 4.0.6.1...
WordPress plugin KiviCare SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
The vulnerability of the eval() function in the Widget Options plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the eval function in the Widget Options plugin of the WordPress content management system is related to improper handling of code generation due to incorrect validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Exploit for CVE-2024-8672
CVE-2024-8672: Authenticated Contributor Remote Code Execution...
CVE-2024-8672 Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution
The Widget Options – The 1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply inp...
CVE-2024-8672
CVE-2024-8672 affects the WordPress plugin “Widget Options – The #1 WordPress Widget & Block Control Plugin” (versions
WordPress plugin Widget Options 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exist...
WordPress Widget Options plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution vulnerability
Authenticated Contributor+ Remote Code Execution vulnerability discovered by Webbernaut in WordPress Plugin Widget Options versions = 4.0.7...
WordPress Widget Options Plugin <= 4.0.7 is vulnerable to Remote Code Execution (RCE)
Software Widget Options Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-8672 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 44c40aa090ca Credits Webbernaut Required privilege...
Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure
Description The Widget Options - Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 5.1.3 exclusive for Widget Options - Extended and all versions up to, and including, 4.0.1 for Widget Options. This makes it possible for unauthenticated attackers ...
CVE-2024-35691
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through 5.1.0...
CVE-2024-35691
Technical details about CVE-2024-35691 are not provided in the connected documents. Public information in the initial record is limited to a generic exposure claim for Widget Options - Extended up to version 5.1.0. Monitor for updates and official advisories.
WordPress plugin Widget Options - Extended Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
WordPress Widget Options Extended plugin <= 5.1.0 - Subscriber+ User Meta Data Exposure Vulnerability
Subscriber+ User Meta Data Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options - Extended versions = 5.1.0...
WordPress Widget Options Extended plugin <= 5.1.0 - Subscriber+ Private/Draft Post Exposure Vulnerability
Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options - Extended versions = 5.1.0...
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ Private/Draft Post Exposure Vulnerability
Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability
Subscriber+ User Meta Data Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...
WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure
Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3582bb729f7f Credits Dave Jong...
WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure
Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 80da7493f574 Credits Dave Jong...