50 matches found
CVE-2026-7615
The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the save_widget_context_settings function. This makes it possible for unauthenticated attackers to modify widget...
CVE-2026-7615
The CVE-2026-7615 entry concerns the WordPress Widget Context plugin (versions ≤ 1.3.3). Vulnerability: Cross-Site Request Forgery due to missing or incorrect nonce validation in save_widget_context_settings, allowing unauthenticated attackers to modify widget visibility context settings stored i...
WordPress Widget Context plugin <= 1.3.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by darkmode in WordPress Plugin Widget Context versions <= 1.3.3...
CVE-2026-1944
Consolidated detail: CVE-2026-1944 context aligns with WordPress CallbackKiller service widget plugin, affected
CVE-2025-68868
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codeaffairs Wp Text Slider Widget wp-text-slider-widget allows Stored XSS. This issue affects Wp Text Slider Widget: from n/a through <= 1.0...
PT-2025-53745
Name of the Vulnerable Software and Affected Versions: Codeaffairs Wp Text Slider Widget versions through 1.0. Description: The Codeaffairs Wp Text Slider Widget contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows...
CVE-2025-13135
The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-60926
The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-32222
CVE-2025-32222 affects WordPress Widget Logic plugin, with Code Injection allowing Remote Code Execution in Widget Logic
CVE-2025-10580
Widget Options (WordPress plugin) is affected by a stored cross-site scripting (XSS) vulnerability in versions up to 4.1.2, allowing authenticated attackers with Contributor+ or higher privileges to inject scripts that run on pages accessed by users. Wordfence reports the vulnerability with CVSS ...
EUVD-2025-30745
Malicious code in bioql PyPI...
CVE-2025-57981
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS. This issue affects WP Social Widget: from n/a through <= 2.3.1...
CVE-2025-57919
Deserialization of Untrusted Data vulnerability in ConveyThis ConveyThis conveythis-translate allows Object Injection. This issue affects ConveyThis: from n/a through <= 269.1...
CVE-2025-57919 WordPress ConveyThis plugin <= 269.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ConveyThis ConveyThis conveythis-translate allows Object Injection. This issue affects ConveyThis: from n/a through <= 269.1...
CVE-2025-9887 Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery
The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...
CVE-2025-39549 WordPress Most And Least Read Posts Widget plugin <= 2.5.20 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Stored XSS. This issue affects Most And Least Read Posts Widget: from n/a through <= 2.5.20...
WordPress Widget for Social Page Feeds plugin < 6.4.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Widget for Social Page Feeds versions < 6.4.2...
CVE-2025-31768 WordPress Widget Manager Light plugin <= 1.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in OTWthemes Widget Manager Light allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Widget Manager Light: from n/a through 1.18...