cleantalk
Vulnerabilities and Security Researches

Dynamic Widgets, bcd167c7824b22ce28b0a755c39fc633d83acfb4

CVE, Research URL

bcd167c7824b22ce28b0a755c39fc633d83acfb4

Home page URL

Security reports for Dynamic Widgets

Application

Dynamic Widgets

Published on
May 15, 2012
Research Description
Dynamic Widgets [dynamic-widgets] < 1.5.2 WordPress Dynamic Widgets Plugin 1.5.1 - Cross Site Scripting WordPress PodPress plugin's "themes.php" is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible. Update the plugin.
Affected versions
max 1.5.2.
Status
vulnerable
Previous vulnerability researches
Advance WP Query Search Filter (CVE-2025-26743) , Apr 15, 2025
Advance WP Query Search Filter (CVE-2025-14313) , Jan 10, 2026
Advance WP Query Search Filter (CVE-2025-14312) , Jan 10, 2026
New vulnerability
Companion Auto Update (7cd2d4dc-1f88-40bb-b32c-c047aeaa7996) , Jun 16, 2026
Companion Auto Update (4ed0f911f8fcd2b401511da7c4879e693fff1d89) , Jun 16, 2026
WordPress Translation plugin for Post, Pages &amp; WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator. (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WordPress Translation plugin for Post, Pages &amp; WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator. (0b128c2a9f79294ec38736ed95077005e1cdb5a2) , Jun 16, 2026
Cloudflare (1674fd5d30f242cd9c1196dcd4154e705baacb9c) , Jun 16, 2026