cleantalk
Vulnerabilities and Security Researches

Widget Wrangler, CVE-2026-25447

CVE, Research URL

CVE-2026-25447

Home page URL

Security reports for Widget Wrangler

Application

Widget Wrangler

Published on
Mar 25, 2026
Research Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through <= 2.3.9.
Affected versions
max 2.3.9.
Status
vulnerable
Previous vulnerability researches
Additional Custom Product Tabs for WooCommerce (CVE-2025-58985) , Sep 10, 2025
Additional Custom Product Tabs for WooCommerce (CVE-2025-26749) , Apr 15, 2025
Custom Product Tabs For WooCommerce (CVE-2024-12721) , Dec 22, 2024
New vulnerability
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2025-13067) , Mar 29, 2026
Gift Up Gift Cards for WordPress and WooCommerce (CVE-2026-32412) , Mar 29, 2026
WP Telegram Widget and Join Link (CVE-2026-23807) , Mar 29, 2026