Vulnerabilities and security researches forimage-widget image-widget

Dec 15, 2024

CVE, Research URL: CVE-2024-10939
Home page URL: Security reports for Image Widget
Application: Image Widget
Date: Dec 13, 2024
Research Description: The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 4.4.11.
Status: vulnerable

May 01, 2026

CVE, Research URL: CVE-2026-42643
Home page URL: Security reports for Image Widget
Application: Image Widget
Date: Apr 29, 2026
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a through <= 4.4.11.
Affected versions: max 4.4.12.
Status: vulnerable