CVE-2026-7615 Widget Context <= 1.3.3 - Cross-Site Request Forgery to Settings Update via 'wl' Parameter

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the savewidgetcontextsettings function. This makes it possible for unauthenticated attackers to modify widget...

PT-2026-42733

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the save widget context settings function. This makes it possible for unauthenticated attackers to modify widget...

EUVD-2025-209162

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

PT-2026-29527

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

EUVD-2021-11826

Malware in sbrugna...

EUVD-2021-11449

Malware in sbrugna...

EUVD-2022-35017

Malicious code in bioql PyPI...

CVE-2024-6158

The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high...

CVE-2019-14297

Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx...

CVE-2025-0627

CVE-2025-0627 involves the WordPress Tag, Category, and Taxonomy Manager – AI Autotagger plugin (pre-3.30.0). The issue is a failure to sanitize/escape certain Widgets settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disabled (such...

PT-2025-18044 · WordPress · Wordpress Tag

Name of the Vulnerable Software and Affected Versions: The WordPress Tag, Category, and Taxonomy Manager versions prior to 3.30.0 Description: The issue concerns the WordPress Tag, Category, and Taxonomy Manager plugin, which does not properly sanitise and escape some of its Widgets settings. Thi...

WordPress plugin WordPress Tag, Category, and Taxonomy Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin WP Booking Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-5170

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Logo Manager For Enamad 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exists in...

CVE-2024-7647

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...

PT-2024-38478 · WordPress · Ota Sync Booking Engine Widget

Name of the Vulnerable Software and Affected Versions: OTA Sync Booking Engine Widget plugin for WordPress versions up to, and including, 1.2.7 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the otasync widget settings fnc function...

CVE-2024-2189 Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS

The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...

WordPress Plugin Social Icons Widget Block 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Plugin PowerPack Addons for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...