CVE-2015-9438

Name of the Vulnerable Software and Affected Versions display-widgets plugin versions prior to 2.04

Description The issue allows for XSS via the "wp-admin/admin-ajax.php?action=dw show widget" API endpoint, specifically through the id base, widget number, or instance parameters.

Recommendations For versions prior to 2.04, update to version 2.04 or later to resolve the issue.