4 matches found
CVE-2015-9436
CVE-2015-9436 affects the WordPress Dynamic Widgets plugin prior to 1.5.11. The issue is an XSS vulnerability caused by insufficient input validation, exploitable via wp-admin/admin-ajax.php?action=term_tree prefix or the widget_id parameter. Impact is client-side code execution in affected conte...
CVE-2015-9437
The CVE refers to the WordPress Dynamic Widgets plugin, affected versions prior to 1.5.11. The issue is a CSRF that can lead to a stored/XSS outcome via the wp-admin/themes.php?page=dynwid-config page_limit parameter. Several connected sources confirm that this vulnerability concerns Dynamic Widg...
CVE-2024-51669
CVE-2024-51669: WordPress Dynamic Widgets plugin contains a Cross-Site Request Forgery (CSRF) vulnerability in versions 1.6.4 and earlier. A fix is available in 1.6.5. Patchstack notes an unauthenticated vector and low-priority severity for this entry, while NVD assigns a high base score (8.8) fo...
CVE-2015-10100
CVE-2015-10100 affects Dynamic Widgets Plugin for WordPress (versions up to 1.5.10). The vulnerability stems from SQL injection in the file classes/dynwid_class.php (or dynwid_class.php in related docs), enabling remote exploitation with no user interaction. Upgrading to version 1.5.11 addresses ...