Vulmon
widgets project widgets vulnerabilities and exploits
4
CVSSv2
CVE-2013-1973
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values...
Autocomplete Widgets Project Autocomplete Widgets 7.x-1.x
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.1
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.2
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.3
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.0
5.5
CVSSv2
CVE-2020-9382
An issue exists in the Widgets extension up to and including 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
Widgets Project Widgets
4.3
CVSSv2
CVE-2015-6737
Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote malicious users to inject arbitrary web script or HTML via vectors involving base64 encoded content.
Widgets Project Widgets -
3.5
CVSSv2
CVE-2015-9438
The display-widgets plugin prior to 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.
Display-widgets Project Display-widgets
NA
CVE-2022-4785
The Video Sidebar Widgets WordPress plugin up to and including 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored ...
Video Sidebar Widgets Project Video Sidebar Widgets
NA
CVE-2022-4488
The Widgets on Pages WordPress plugin prior to 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...
Widgets On Pages Project Widgets On Pages
NA
CVE-2024-22290
Cross-Site Request Forgery (CSRF) vulnerability in AboZain, O7abeeb, UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS). This issue affects Custom Dashboard Widgets: from n/a up to and including 1.3.1.
Custom Dashboard Widgets Project Custom Dashboard Widgets
NA
CVE-2022-4619
The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authent...
Codelights-shortcodes-and-widgets Project Codelights-shortcodes-and-widgets
NA
CVE-2022-4460
The Sidebar Widgets by CodeLights WordPress plugin up to and including 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting att...
Codelights-shortcodes-and-widgets Project Codelights-shortcodes-and-widgets
4
CVSSv2
CVE-2015-5499
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission.
Navigate Project Navigate -