44 matches found
CVE-2023-45045
Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through = 1.2.5...
CVE-2025-23844
Cross-Site Request Forgery CSRF vulnerability in Jamsheer K Custom Widget Classes custom-widget-classes allows Cross Site Request Forgery.This issue affects Custom Widget Classes: from n/a through = 1.1...
CVE-2025-23750
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devbunchuk Custom Widget Creator custom-widget-creator allows Reflected XSS.This issue affects Custom Widget Creator: from n/a through = 1.0.5...
WordPress ElementsKit Elementor Addons and Templates plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Custom Widget vulnerability discovered by Hardik Raval in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.5.2...
MAL-2025-192423 Malicious code in vue2-amis-custom-widget-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c676b8d3fdeb2773313404ba039b4e2162b5e516e6938db609188c352f319cc8 The package vue2-amis-custom-widget-pro was found to contain malicious code. Source: ghsa-malware...
Malicious code in @custom-widget/sdk (npm)
The package @custom-widget/sdk was found to contain malicious code...
MAL-2025-48464 Malicious code in @custom-widget/sdk (npm)
The package @custom-widget/sdk was found to contain malicious code...
EUVD-2025-3388
Malicious code in bioql PyPI...
EUVD-2025-3471
Malicious code in bioql PyPI...
EUVD-2023-49366
Malicious code in bioql PyPI...
CVE-2023-6066
The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site...
Malicious code in zzr-react-custom-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4cc679d3328b5509a2417ca20a366fb8e1113772f0f3e39a99e6fb2faab531cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2200 Malicious code in zz-react-custom-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c52c19012a2e7ff5c32331c8fb8bdf0ec9811d36c029f8d2ff30de7c98fdf6f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zz-react-custom-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c52c19012a2e7ff5c32331c8fb8bdf0ec9811d36c029f8d2ff30de7c98fdf6f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in v1ue-custom-widget-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f7e56b04ae3ca44fba371adba340a3933b9fb3e7899bc2da0a2c868373970b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2138 Malicious code in vue-custom-widget-template1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21b54ec1679cbeb92bfd2aaa272446918c32899d07a1fc5e4211c07323790f26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vue-custom-widget-template1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21b54ec1679cbeb92bfd2aaa272446918c32899d07a1fc5e4211c07323790f26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-23750
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devbunchuk Custom Widget Creator custom-widget-creator allows Reflected XSS.This issue affects Custom Widget Creator: from n/a through = 1.0.5...
CVE-2025-23750 WordPress Custom Widget Creator plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devbunchuk Custom Widget Creator custom-widget-creator allows Reflected XSS.This issue affects Custom Widget Creator: from n/a through = 1.0.5...
CVE-2025-23750 WordPress Custom Widget Creator plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devbunchuk Custom Widget Creator custom-widget-creator allows Reflected XSS.This issue affects Custom Widget Creator: from n/a through = 1.0.5...