Wp Custom Widget Area
by WordPress
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-45045 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through <= 1.2.5. | ||
| CVE-2023-6066 | Med | 0.28 | 4.3 | 0.00 | Jan 15, 2024 | The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. |
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through <= 1.2.5.
- risk 0.28cvss 4.3epss 0.00
The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.