15 matches found
CVE-2026-6913
The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widgetarea' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...
PT-2026-39966
The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget area' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...
WordPress plugin WP Custom Widget area security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-1483 · WordPress · Kishor Khambu Wp Custom Widget Area
Name of the Vulnerable Software and Affected Versions: Kishor Khambu WP Custom Widget area versions 1.2.5 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Kishor Khambu WP Custom Widget area, which allows exploiting incorrectly configured access contro...
CVE-2024-6455
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to missing capability checks on the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to view any item created in Elementor,...
CVE-2023-6066
The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site...
CVE-2023-6066
CVE-2023-6066 affects the WordPress plugin “WP Custom Widget area” versions 1.2.5 and earlier. The issue is that the plugin does not properly enforce capability checks and nonce validation on its AJAX action callbacks, which can allow an attacker with subscriber+ privileges to repeatedly create, ...
CVE-2023-6066 WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site...
PT-2024-14871 · WordPress · Wp Custom Widget Area
Name of the Vulnerable Software and Affected Versions: WP Custom Widget area WordPress plugin versions 1.2.5 and earlier Description: The issue arises from the plugin not properly applying capability and nonce checks on its AJAX action callback functions. This could allow attackers with subscribe...
WordPress Plugin WP Custom Widget area security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
Description The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. PoC Log in as a subscriber, and paste any of the following fetch call in...
WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
Description The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. Log in as a subscriber, and paste any of the following fetch call in your...
WP Custom Widget area <= 1.2.5 - Missing Authorization
Description The WP Custom Widget area plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions corresponding to AJAX actions in versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with...
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit feed settings, Edit widget area, Sub site new registration, New category registration Tested baserCMS Version :...
GHSA-WPWW-4JF4-4HX8 Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit feed settings, Edit widget area, Sub site new registration, New category registration Tested baserCMS Version :...