Marketing Fire Llc Widget Options Extended vulnerabilities
3 known vulnerabilities affecting marketing_fire_llc/widget_options_extended.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-2052P2HIGHCVSS 8.8≤ 5.3.22026-05-02
CVE-2026-2052 [HIGH] CWE-94 CVE-2026-2052: The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin f
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval() on user-supplied Display Logic expressions with an insufficient blocklist/allowlist that c
nvd
CVE-2024-35691P4MEDIUMCVSS 6.5≥ n/a, ≤ 5.1.02024-06-08
CVE-2024-35691 [MEDIUM] CWE-200 CVE-2024-35691: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widg
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through 5.1.0.
nvd
CVE-2025-8902P4MEDIUMCVSS 6.4≤ 5.2.12025-09-23
CVE-2025-8902 [MEDIUM] CWE-79 CVE-2025-8902: The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'do_sidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and a
nvd