cleantalk
Vulnerabilities and Security Researches

Widget Options – The #1 WordPress Widget & Block Control Plugin, CVE-2025-22630

CVE, Research URL

CVE-2025-22630

Home page URL

Security reports for Widget Options – The #1 WordPress Widget & Block Control Plugin

Application

Widget Options – The #1 WordPress Widget & Block Control Plugin

Published on
Feb 14, 2025
Research Description
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in MarketingFire Widget Options allows OS Command Injection.This issue affects Widget Options: from n/a through 4.1.0.
Affected versions
max 4.1.1.
Status
vulnerable
Previous vulnerability researches
Widget Options – The #1 WordPress Widget & Block Control Plugin (CVE-2024-8672) , Nov 29, 2024
Widget Options – The #1 WordPress Widget & Block Control Plugin (CVE-2024-35691) , Jul 22, 2024
Widget Options – The #1 WordPress Widget & Block Control Plugin (CVE-2025-10580) , Nov 10, 2025
Widget Options – The #1 WordPress Widget & Block Control Plugin (CVE-2025-22630) , Feb 16, 2025
Widget Options – The #1 WordPress Widget & Block Control Plugin (CVE-2024-35690) , Jun 10, 2024
New vulnerability
Off-Canvas Sidebars & Menus (Slidebars) (CVE-2025-62891) , Nov 11, 2025
LLM Hubspot Blog Import (CVE-2025-11257) , Nov 11, 2025
AI ChatBot (CVE-2025-62952) , Nov 11, 2025
Pie Calendar (CVE-2025-62024) , Nov 11, 2025
Demo Import Kit (CVE-2025-10051) , Nov 11, 2025