Blocksera Cryptocurrency Widgets Pack vulnerabilities
3 known vulnerabilities affecting blocksera/cryptocurrency_widgets_pack.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-4059P1CRITICALCVSS 9.8ExploitedPoC≤ 1.8.12023-01-02
CVE-2022-4059 [CRITICAL] CWE-89 CVE-2022-4059: The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parame
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
nvd
CVE-2022-44588P2CRITICALCVSS 9.8PoC≤ 1.8.1≥ n/a, ≤ 1.8.12022-12-15
CVE-2022-44588 [CRITICAL] CWE-89 CVE-2022-44588: Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress.
Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress.
nvd
CVE-2025-31539P3MEDIUMCVSS 6.5≤ 2.0.12025-03-31
CVE-2025-31539 [MEDIUM] CWE-862 CVE-2025-31539: Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack cryptocurrency-widgets-
Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack cryptocurrency-widgets-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets Pack: from n/a through <= 2.0.1.
nvd