2018 matches found
CVE-2025-58029
Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Classic Widgets with Block-based Widgets: from n/a through = 1.0.1...
CVE-2025-57989
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...
CVE-2025-58029
Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Classic Widgets with Block-based Widgets: from n/a through = 1.0.1...
CVE-2025-57989
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...
WordPress WordPress Widgets Shortcode Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WordPress Widgets Shortcode versions = 1.0.3...
WordPress Classic Widgets with Block-based Widgets Plugin <= 1.0.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Classic Widgets with Block-based Widgets versions = 1.0.1...
CVE-2025-57989
CVE-2025-57989 is an Stored XSS in WordPress Widgets Shortcode (Authenticated) affecting WordPress Widgets Shortcode
CVE-2025-57989 WordPress WordPress Widgets Shortcode Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...
CVE-2025-57989 WordPress WordPress Widgets Shortcode Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...
CVE-2025-58029 WordPress Classic Widgets with Block-based Widgets Plugin <= 1.0.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Classic Widgets with Block-based Widgets: from n/a through = 1.0.1...
CVE-2025-58029
CVE-2025-58029 is a Missing Authorization vulnerability in the WordPress plugin family Classic Widgets with Block-based Widgets (affected: Classic Widgets with Block-based Widgets, versions
CVE-2025-58029 WordPress Classic Widgets with Block-based Widgets Plugin <= 1.0.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Classic Widgets with Block-based Widgets: from n/a through = 1.0.1...
WordPress plugin WordPress Widgets Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Classic Widgets with Block-based Widgets 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...
PT-2025-38878
Name of the Vulnerable Software and Affected Versions Sumit Singh Classic Widgets with Block-based Widgets versions through 1.0.1 Description A missing authorization issue exists in Sumit Singh Classic Widgets with Block-based Widgets. The issue allows access to functionality that is not properly...
PT-2025-38839
Name of the Vulnerable Software and Affected Versions Brajesh Singh WordPress Widgets Shortcode versions through 1.0.3 Description The software contains a flaw due to improper handling of input during the creation of web pages, specifically a Stored Cross-site Scripting issue. This allows for the...
CVE-2025-9861
The ThemeLoom Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'losshowposts' shortcode in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9861
The ThemeLoom Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'losshowposts' shortcode in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8689 Elements Plus! <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison, HotSpot Plus, and Google Maps widgets in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-9861
The ThemeLoom Widgets WordPress plugin (CVE-2025-9861) is affected by a stored cross-site scripting (XSS) vulnerability in the los_showposts shortcode across all versions up to 1.8.5. The issue stems from insufficient input sanitization and output escaping for user-supplied attributes, enabling a...