cleantalk
Vulnerabilities and Security Researches

Image Widget, CVE-2026-42643

CVE, Research URL

CVE-2026-42643

Home page URL

Security reports for Image Widget

Application

Image Widget

Published on
Apr 29, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a through <= 4.4.11.
Affected versions
max 4.4.12.
Status
vulnerable
Previous vulnerability researches
WPB Image Widget (CVE-2025-58858) , Sep 07, 2025
Image Widget (CVE-2026-42643) , May 01, 2026
Image Widget (CVE-2024-10939) , Dec 15, 2024
New vulnerability
Otter Blocks &#8211; Gutenberg Blocks, Page Builder for Gutenberg Editor &amp; FSE (CVE-2026-2892) , May 01, 2026
Barcode Scanner and Inventory manager. POS (Point of Sale) &#8211; scan barcodes &amp; create orders with barcode reader. (CVE-2026-42645) , May 01, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-42644) , May 01, 2026
WP User Frontend &#8211; Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2026-42412) , May 01, 2026
Image Widget (CVE-2026-42643) , May 01, 2026