
CVE-2025-22630 – WordPress Widget Options Plugin <= 4.1.0 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-22630
11 Feb 2025 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in MarketingFire Widget Options allows OS Command Injection. This issue affects Widget Options: from n/a through 4.1.0. The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server... • https://patchstack.com/database/wordpress/plugin/widget-options/vulnerability/wordpress-widget-options-plugin-4-1-0-arbitrary-code-execution-vulnerability?_s_id=cve • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-22722 – WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dismissal vulnerability
https://notcve.org/view.php?id=CVE-2025-22722
15 Jan 2025 — Missing Authorization vulnerability in Widget Options Team Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.8. The Widget Options plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the widgetopts_ajax_hide_rating() function in versions up to, and including, 4.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to... • https://patchstack.com/database/wordpress/plugin/widget-options/vulnerability/wordpress-widget-options-plugin-4-0-8-broken-access-control-to-notice-dimissal-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2024-56219 – WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56219
19 Dec 2024 — Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.6.1. The Widget Options plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the widgetopts_save_widget_editor_cache() function in versions up to, and including, 4.0.6.1. This makes it possible for authenticated attackers, with contributor-level access and above, to save ca... • https://patchstack.com/database/wordpress/plugin/widget-options/vulnerability/wordpress-widget-options-plugin-4-0-6-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2024-35691 – WordPress Widget Options - Extended plugin <= 5.1.0 - Multiple Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2024-35691
06 Jun 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended. This issue affects Widget Options - Extended: from n/a through 5.1.0. The Widget Options - Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions... • https://patchstack.com/database/vulnerability/extended-widget-options/wordpress-widget-options-extended-plugin-5-1-0-subscriber-private-draft-post-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor