106 matches found
CVE-2026-54823
Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...
CVE-2026-54823 WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability
Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...
CVE-2026-54823
Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...
CVE-2026-54823
CVE-2026-54823 affects the WordPress Widget Options plugin, specifically versions
EUVD-2026-39365
Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...
CVE-2024-35690
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1...
WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Widget Options versions = 4.2.3...
WordPress Widget Options - Extended plugin <= 5.3.2 - Authenticated (Contributor+) Remote Code Execution vulnerability
WordPress Widget Options - Extended plugin = 5.3.2 - Authenticated Contributor+ Remote Code Execution vulnerability discovered by ? in WordPress Plugin Widget Options - Extended versions = 5.3.2...
CVE-2026-2052
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...
CVE-2026-2052
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...
CVE-2026-2052 Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...
CVE-2026-2052
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...
CVE-2026-2052 Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...
CVE-2026-2052
The CVE-2026-2052 entry describes a Remote Code Execution vulnerability in the WordPress plugin Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets. Affected: all versions up to and including 4.2.2. Root cause: the plugin uses eval() on user-supplied Display Lo...
PT-2026-36588
Name of the Vulnerable Software and Affected Versions Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets versions prior to 4.2.3 Description Remote Code Execution is possible via the Display Logic feature. The issue arises because the plugin uses the eval...
WordPress plugin Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
CVE-2026-3643 Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permissioncallback set to returntrue...
CVE-2026-3643 Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permissioncallback set to returntrue...
CVE-2026-3643
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permissioncallback set to returntrue...
CVE-2026-3643
The Accessibly WordPress plugin (versions ≤ 3.0.3) is vulnerable to an unauthenticated Stored XSS via REST API endpoints /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config. These endpoints have permission_callback set to __return_true, so no auth checks occur. updateWidgetOptions()...