33 matches found
CVE-2026-14158
The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...
CVE-2026-14158 Widget Logic Visual <= 1.52 - Authenticated (Subscriber+) Remote Code Execution via 'nwlv[cod-tag]' Parameter
The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...
CVE-2026-14158
The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...
CVE-2026-14158
The Widget Logic Visual plugin for WordPress is affected by a Remote Code Execution vulnerability in all versions up to 1.52. The issue arises in the widget_logic_visual_check_visibility flow and the widget-logic-update-conditional-tags AJAX action due to missing capability check and nonce verifi...
EUVD-2026-42161
The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...
PT-2026-56310
Name of the Vulnerable Software and Affected Versions Widget Logic Visual versions prior to 1.53 Description Authenticated attackers with subscriber-level access and above can achieve remote code execution on the server. The issue occurs during the widget-logic-update-conditional-tags AJAX action...
CVE-2025-68842
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...
CVE-2025-68842
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...
CVE-2025-68842 WordPress Widget Logic Visual plugin <= 1.52 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...
CVE-2025-68842 WordPress Widget Logic Visual plugin <= 1.52 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...
CVE-2025-68842
CVE-2025-68842 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Widget Logic Visual . Affected software: Widget Logic Visual
WordPress plugin Widget Logic Visual 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-21104
Name of the Vulnerable Software and Affected Versions Widget Logic Visual versions through 1.52 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Reflected Cross-site Scripting XSS. This means an attacker...
WordPress Widget Logic Visual plugin <= 1.52 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Widget Logic Visual versions = 1.52...
CVE-2025-32222
Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...
CVE-2025-32222
Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...
CVE-2025-32222 WordPress Widget Logic <= 6.0.5 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...
EUVD-2025-38031
Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...
CVE-2025-32222
CVE-2025-32222 affects WordPress Widget Logic plugin, with Code Injection allowing Remote Code Execution in Widget Logic
CVE-2025-32222 WordPress Widget Logic <= 6.0.5 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...