Vulnerabilities and security researches forrecent-posts-widget-extended recent-posts-widget-extended
Direction: ascendingJun 06, 2024
Recent Posts Widget Extended # 3cc7d2ef95e97e36a6ad4e848429845437e5a6e2
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 19, 2015
- Research Description
- Recent Posts Widget Extended [recent-posts-widget-extended] < 0.9.9.4 WordPress Recent Posts Widget Extended Plugin <= 0.9.9.3 - Authenticated XSS Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Upgrade the plugin.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jul 24, 2024
Recent Posts Widget Extended # PSC-2024-64506
- PSC, Research URL
- Home page URL
- Application
- Date
- Aug 05, 2025
- Research Description
- The “Recent Posts Widget Extended” plugin is a powerful tool designed to enhance your WordPress site by displaying recent posts in a customizable and flexible manner. Whether through a shortcode or widget, this plugin offers advanced features for showcasing recent content, including thumbnails, excerpts, post dates, and more. Now, with its recent Plugin Security Certification (PSC) from CleanTalk, you can confidently integrate this plugin into your site knowing it meets high security standards.
- Affected versions
-
Min -, max -.
- Status
-
SAFE & CERTIFIED
Sep 06, 2025
Recent Posts Widget Extended # CVE-2025-6757
- CVE, Research URL
- Home page URL
- Application
- Date
- Sep 06, 2025
- Research Description
- The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable