VYPR

Widget Options

by WordPress

Source repositories

CVEs (8)

  • CVE-2024-8672CriNov 28, 2024
    risk 0.71cvss 9.9epss 0.44

    The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin…

  • CVE-2025-22630CriFeb 14, 2025
    risk 0.64cvss 9.9epss 0.01

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Marketing Fire Widget Options widget-options allows OS Command Injection.This issue affects Widget Options: from n/a through <= 4.1.0.

  • CVE-2026-27984CriMar 5, 2026
    risk 0.59cvss 9.0epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through <= 4.1.3.

  • CVE-2026-2052HigMay 2, 2026
    risk 0.50cvss 8.8epss 0.01

    The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval() on…

  • CVE-2025-10580MedOct 25, 2025
    risk 0.42cvss 6.4epss 0.00

    The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple functions in all versions up to, and including, 4.1.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2025-22722MedJan 21, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.8.

  • CVE-2024-56219MedDec 31, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.6.1.

  • CVE-2024-35690Jun 17, 2026
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.