CVE-2024-8672

The Widget Options – The 1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply inp...

CVE-2025-22722 WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dimissal vulnerability

Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through = 4.0.8...

WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dimissal vulnerability

Broken Access Control to Notice Dimissal vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Widget Options versions = 4.0.8...

CVE-2024-56219 WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through 4.0.6.1...

CVE-2024-56219

The CVE-2024-56219 entry describes a Missing Authorization vulnerability in WordPress Widget Options plugin, affecting versions up to 4.0.6.1. The underlying issue is broken/authentication-guarded access control in the Widget Options configuration, enabling exploitation of insufficient access che...

CVE-2024-56219 WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through = 4.0.6.1...

WordPress Widget Options Plugin <= 4.0.7 is vulnerable to Remote Code Execution (RCE)

Software Widget Options Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-8672 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 44c40aa090ca Credits Webbernaut Required privilege...

WordPress Widget Options plugin <= 4.0.1 - Subscriber+ Private/Draft Post Exposure Vulnerability

Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...

WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure

Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3582bb729f7f Credits Dave Jong...

WordPress Widget Options Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure

Software Widget Options Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35690 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d20ab85a5efb Credits Dave Jong Patchstack...

WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure

Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 80da7493f574 Credits Dave Jong...