cleantalk
Vulnerabilities and Security Researches

Widget Logic, CVE-2019-12826

CVE, Research URL

CVE-2019-12826

Home page URL

Security reports for Widget Logic

Application

Widget Logic

Published on
Jul 01, 2019
Research Description
A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.
Affected versions
max 5.10.3.
Status
vulnerable
Previous vulnerability researches
Widget Logic Visual (CVE-2025-68842) , Feb 27, 2026
Widget Logic (CVE-2019-12826) , Jun 07, 2024
Widget Logic (CVE-2025-32222) , Jun 15, 2025
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026