CVE-2024-35690
published 2026-06-17CVE-2024-35690: WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability Insertion of sensitive information into sent data vulnerability in…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.29%
21.0th percentile
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data.
This issue affects Widget Options: from n/a through 4.0.1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| marketingfire | widget_options | n/a – 4.0.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CVEList
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability
cvelistv5·2026-06-17·CVSS 6.5
CVE-2024-35690 [MEDIUM] CWE-201 WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability
WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data.
This issue affects Widget Options: from n/a through 4.0.1.
GHSA
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data.
ghsa_unreviewed·2026-06-17
CVE-2024-35690 [MEDIUM] CWE-201 Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data.
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data.
This issue affects Widget Options: from n/a through 4.0.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-17
Published