Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Widget Options – The #1 WordPress Widget & Block Control Plugin 4.0.7

  • Severity: critical
  • Status: Fixed
  • Publication: November 27, 2024

The Widget Options plugin for WordPress, which helps control widgets and blocks, has a security vulnerability in its display logic feature. This vulnerability allows hackers with contributor-level access or higher to run code on the server without proper filtering or permission checks. Although we recommended the vendor to limit the ability to execute commands and only allow administrators to do so, they did not take our advice. While we believe the issue has been patched, we still suggest further strengthening the security measures to reduce any remaining risks.

Detected in:

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets fixed vulnerable versions:
Widget Options – The #1 WordPress Widget & Block Control Plugin fixed vulnerable versions: >= * <= 4.0.7
Widget Options – Widget & Block Visibility Controls fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.