Vulnerabilities and security researches forwidget-extend-builtin-query widget-extend-builtin-query
Direction: ascendingJun 07, 2024
Built-in Widgets Query extend (Custom Post Types & more) # 7e949cf0-63d4-49b0-a81c-e778b3a2d837
- CVE, Research URL
- Date
- -
- Research Description
- Built-in Widgets Query extend (Custom Post Types & more) [widget-extend-builtin-query] < 1.06 Multiple Plugins from Puvox.software - Reflected Cross-Site Scripting The plugins do not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting
- Affected versions
-
max 1.06.
- Status
-
vulnerable
Jun 16, 2026
Built-in Widgets Query extend (Custom Post Types & more) # be3772b60f443fafc5045cf43effcd694b8a4571
- CVE, Research URL
- Date
- Aug 01, 2022
- Research Description
- Built-in Widgets Query extend (Custom Post Types & more) [widget-extend-builtin-query] < 1.06 Built-in Widgets Query extend <= 1.05 - Reflected Cross-Site Scripting The Built-in Widgets Query extend plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.05 due to the use of add_query_arg/remove_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 1.06.
- Status
-
vulnerable