cleantalk
Vulnerabilities and Security Researches

Built-in Widgets Query extend (Custom Post Types & more), be3772b60f443fafc5045cf43effcd694b8a4571

CVE, Research URL

be3772b60f443fafc5045cf43effcd694b8a4571

Home page URL

Security reports for Built-in Widgets Query extend (Custom Post Types & more)

Application

Built-in Widgets Query extend (Custom Post Types & more)

Published on
Aug 01, 2022
Research Description
Built-in Widgets Query extend (Custom Post Types &amp; more) [widget-extend-builtin-query] < 1.06 Built-in Widgets Query extend <= 1.05 - Reflected Cross-Site Scripting The Built-in Widgets Query extend plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.05 due to the use of add_query_arg/remove_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.06.
Status
vulnerable
Previous vulnerability researches
Built-in Widgets Query extend (Custom Post Types &amp; more) (7e949cf0-63d4-49b0-a81c-e778b3a2d837) , Jun 07, 2024
Built-in Widgets Query extend (Custom Post Types &amp; more) (be3772b60f443fafc5045cf43effcd694b8a4571) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026