3 matches found
CVE-2024-8672 Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution
The Widget Options – The 1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply inp...
CVE-2024-8672 Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution
The Widget Options – The 1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply inp...
WordPress Widget Options Plugin <= 4.0.7 is vulnerable to Remote Code Execution (RCE)
Software Widget Options Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-8672 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 44c40aa090ca Credits Webbernaut Required privilege...