CVE-2026-1268

Name of the Vulnerable Software and Affected Versions Dynamic Widget Content plugin for WordPress versions through 1.3.6

Description The Dynamic Widget Content plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs through the widget content field within the Gutenberg editor sidebar, stemming from inadequate input sanitization and output escaping of user-provided attributes. Authenticated attackers possessing Contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will then execute each time a user accesses the affected page.

Recommendations Update the Dynamic Widget Content plugin to a version beyond 1.3.6.