cleantalk
Vulnerabilities and Security Researches

Dynamic Widgets, CVE-2015-9437

CVE, Research URL

CVE-2015-9437

Home page URL

Security reports for Dynamic Widgets

Application

Dynamic Widgets

Published on
Sep 26, 2019
Research Description
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.
Affected versions
max 1.5.11.
Status
vulnerable
Previous vulnerability researches
Dynamic Widgets (CVE-2021-24933) , Jun 10, 2024
Dynamic Widgets (CVE-2015-10100) , Jun 07, 2024
Dynamic Widgets (fd8883125ab10ddf1bfb5cae4dbf4175fb52b317) , Jun 16, 2026
Dynamic Widgets (4d7faa92-9246-4685-ace9-ed62e555fbde) , Jun 16, 2026
Dynamic Widgets (5dd9d324c9dd9e4f3db52cd08c75f2fb94e77fb5) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar – Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026