Dynamic Widgets@* Security Vulnerabilities and Issues — Dynamic Widgets@* CVE List

Lucene search

VivwebsolutionsDynamic Widgets*

5 matches found

CVE•added 2019/09/26 2:15 a.m.•131 views

CVE-2015-9436

The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.

5.4CVSS5.3AI score0.00227EPSS

CVE•added 2019/09/26 2:15 a.m.•131 views

CVE-2015-9437

The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.

6.5CVSS6.2AI score0.00237EPSS

CVE•added 2022/02/28 9:15 a.m.•76 views

CVE-2021-24933

The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue

5.4CVSS5.3AI score0.00219EPSS

CVE•added 2024/11/19 10:15 p.m.•44 views

CVE-2024-51669

Cross-Site Request Forgery (CSRF) vulnerability in Vivwebs Dynamic Widgets.This issue affects Dynamic Widgets: from n/a through 1.6.4.

8.8CVSS5.7AI score0.00025EPSS

CVE•added 2023/04/10 6:15 p.m.•24 views

CVE-2015-10100

A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version...

9.8CVSS9.8AI score0.00669EPSS