98 matches found
WordPress Widget Options - Extended plugin <= 5.3.2 - Authenticated (Contributor+) Remote Code Execution vulnerability
WordPress Widget Options - Extended plugin <= 5.3.2 - Authenticated (Contributor+) Remote Code Execution vulnerability discovered by ? in WordPress Plugin Widget Options - Extended versions <= 5.3.2...
CVE-2026-2052
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...
CVE-2026-2052
The CVE-2026-2052 entry describes a Remote Code Execution vulnerability in the WordPress plugin Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets. Affected: all versions up to and including 4.2.2. Root cause: the plugin uses eval() on user-supplied Display Lo...
CVE-2026-2052 Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...
WordPress plugin Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
PT-2026-36588
Name of the Vulnerable Software and Affected Versions: Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets versions prior to 4.2.3. Description: Remote Code Execution is possible via the Display Logic feature. The issue arises because the plugin uses the eval...
CVE-2026-3643 Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permission_callback set to __return_true...
CVE-2026-3643
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permission_callback set to __return_true...
CVE-2026-3643
The Accessibly WordPress plugin (versions ≤ 3.0.3) is vulnerable to an unauthenticated Stored XSS via REST API endpoints /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config. These endpoints have permission_callback set to __return_true, so no auth checks occur. updateWidgetOptions()...
CVE-2026-27984
Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection. This issue affects Widget Options: from n/a through <= 4.1.3...
EUVD-2026-9654
Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection. This issue affects Widget Options: from n/a through <= 4.1.3...
CVE-2026-27984
CVE-2026-27984 is a code injection (RCE) vulnerability in the Widget Options: Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin (Widget Options) affecting versions up to 4.1.3. The issue stems from improper control of code generation, enabling remote code execution. Th...
CVE-2026-27984 WordPress Widget Options plugin <= 4.1.3 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection. This issue affects Widget Options: from n/a through <= 4.1.3...