cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for dynamic-widgets

Jun 07, 2024

Dynamic Widgets # CVE-2015-10100

CVE, Research URL

CVE-2015-10100

Application

Dynamic Widgets

Date
Apr 10, 2023
Research Description
A vulnerability classified as critical has been found in the Dynamic Widgets plugin up to 1.5.10 for WordPress. The issue affects unknown processing in the file classes/dynwid_class.php. The manipulation leads to SQL injection. The attack may be initiated remotely. Upgrading to version 1.5.11 addresses this issue. The identifier of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability.
Affected versions
max 1.5.11.
Status
vulnerable
Jun 10, 2024

Dynamic Widgets # CVE-2021-24933

CVE, Research URL

CVE-2021-24933

Application

Dynamic Widgets

Date
Feb 28, 2022
Research Description
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting issue.
Affected versions
max 1.6.
Status
vulnerable

Dynamic Widgets # CVE-2015-9437

CVE, Research URL

CVE-2015-9437

Application

Dynamic Widgets

Date
Sep 26, 2019
Research Description
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.
Affected versions
max 1.5.11.
Status
vulnerable

Dynamic Widgets # CVE-2015-9436

CVE, Research URL

CVE-2015-9436

Application

Dynamic Widgets

Date
Sep 26, 2019
Research Description
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.
Affected versions
max 1.5.11.
Status
vulnerable
Nov 04, 2024

Dynamic Widgets # CVE-2024-51669

CVE, Research URL

CVE-2024-51669

Application

Dynamic Widgets

Date
Nov 20, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Kalmang Dynamic Widgets dynamic-widgets. This issue affects Dynamic Widgets: from n/a through <= 1.6.4.
Affected versions
max 1.6.5.
Status
vulnerable
Jun 16, 2026

Dynamic Widgets # fd8883125ab10ddf1bfb5cae4dbf4175fb52b317

Application

Dynamic Widgets

Date
Nov 22, 2015
Research Description
Dynamic Widgets [dynamic-widgets] < 1.5.11. WordPress Dynamic Widgets Plugin <= 1.5.10 - XSS. Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Update the plugin.
Affected versions
max 1.5.11.
Status
vulnerable

Dynamic Widgets # 4d7faa92-9246-4685-ace9-ed62e555fbde

Application

Dynamic Widgets

Date
-
Research Description
Dynamic Widgets [dynamic-widgets] < 1.5.2. Dynamic Widgets <= 1.5.1 - Cross-Site Scripting (XSS). The Dynamic Widgets WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.
Affected versions
max 1.5.2.
Status
vulnerable

Dynamic Widgets # 5dd9d324c9dd9e4f3db52cd08c75f2fb94e77fb5

Application

Dynamic Widgets

Date
May 15, 2012
Research Description
Dynamic Widgets [dynamic-widgets] < 1.5.2. Dynamic Widgets <= 1.5.1 - Cross Site Scripting. The Dynamic Widgets plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 1.5.2.
Status
vulnerable

Dynamic Widgets # bcd167c7824b22ce28b0a755c39fc633d83acfb4

Application

Dynamic Widgets

Date
May 15, 2012
Research Description
Dynamic Widgets [dynamic-widgets] < 1.5.2. WordPress Dynamic Widgets Plugin 1.5.1 - Cross Site Scripting. WordPress PodPress plugin's "themes.php" is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible. Update the plugin.
Affected versions
max 1.5.2.
Status
vulnerable