CVE-2015-9437

Name of the Vulnerable Software and Affected Versions dynamic-widgets plugin versions prior to 1.5.11

Description The issue concerns a CSRF with resultant XSS. It is exploitable via the "page limit" parameter in the "/wp-admin/themes.php?page=dynwid-config" API endpoint.

Recommendations For versions prior to 1.5.11, update to version 1.5.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/themes.php?page=dynwid-config" endpoint until the update is applied. Avoid using the page limit parameter in the affected endpoint until the issue is resolved.