VYPR

Essential Widgets

by WordPress

CVEs (3)

  • CVE-2021-24752 | Med | Oct 18, 2021
    risk 0.37 | cvss 5.7 | epss 0.00

    Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3,…

  • CVE-2026-0867 | Med | Feb 5, 2026
    risk 0.35 | cvss 6.4 | epss 0.00

    The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on…

  • CVE-2025-67543 | Dec 9, 2025
    risk 0.00 | cvss | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS. This issue affects Essential Widgets: from n/a through <= 2.2.2.
