Lucene search
K
VivwebsolutionsDynamic Widgets

4 matches found

CVE
CVE
added 2019/09/26 1:15 a.m.144 views

CVE-2015-9436

CVE-2015-9436 affects the WordPress Dynamic Widgets plugin prior to 1.5.11. The issue is an XSS vulnerability caused by insufficient input validation, exploitable via wp-admin/admin-ajax.php?action=term_tree prefix or the widget_id parameter. Impact is client-side code execution in affected conte...

5.4CVSS5.3AI score0.01044EPSS
Web
CVE
CVE
added 2019/09/26 1:18 a.m.141 views

CVE-2015-9437

The CVE refers to the WordPress Dynamic Widgets plugin, affected versions prior to 1.5.11. The issue is a CSRF that can lead to a stored/XSS outcome via the wp-admin/themes.php?page=dynwid-config page_limit parameter. Several connected sources confirm that this vulnerability concerns Dynamic Widg...

6.5CVSS6.2AI score0.00881EPSS
Web
CVE
CVE
added 2024/11/19 10:4 p.m.60 views

CVE-2024-51669

CVE-2024-51669: WordPress Dynamic Widgets plugin contains a Cross-Site Request Forgery (CSRF) vulnerability in versions 1.6.4 and earlier. A fix is available in 1.6.5. Patchstack notes an unauthenticated vector and low-priority severity for this entry, while NVD assigns a high base score (8.8) fo...

8.8CVSS5.9AI score0.00193EPSS
CVE
CVE
added 2023/04/10 6:0 p.m.37 views

CVE-2015-10100

CVE-2015-10100 affects Dynamic Widgets Plugin for WordPress (versions up to 1.5.10). The vulnerability stems from SQL injection in the file classes/dynwid_class.php (or dynwid_class.php in related docs), enabling remote exploitation with no user interaction. Upgrading to version 1.5.11 addresses ...

9.8CVSS9.8AI score0.01054EPSS