VYPR

Dynamic Widget Content

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-1268MedFeb 5, 2026
    risk 0.42cvss 6.4epss 0.00

    The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied…

  • CVE-2021-24933MedFeb 28, 2022
    risk 0.35cvss 5.4epss 0.01

    The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue