VYPR

Dynamic Widgets

by Vivwebsolutions

CVEs (4)

  • CVE-2015-9437MedSep 26, 2019
    risk 0.42cvss 6.5epss 0.01

    The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.

  • CVE-2015-9436MedSep 26, 2019
    risk 0.35cvss 5.4epss 0.01

    The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.

  • CVE-2015-10100MedApr 10, 2023
    risk 0.34cvss 6.3epss 0.01

    A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely.…

  • CVE-2024-51669MedNov 19, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Kalmang Dynamic Widgets dynamic-widgets.This issue affects Dynamic Widgets: from n/a through <= 1.6.4.