PT-2019-7395 · WordPress · Dynamic Widgets

Published: 2019-09-26 · Updated: 2024-11-27 · CVE-2015-9436

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: dynamic-widgets plugin versions prior to 1.5.11

Description: The issue concerns a cross-site scripting (XSS) problem. It can be exploited via the "action=term tree" prefix or the widget id parameter in the "/wp-admin/admin-ajax.php" API endpoint.

Recommendations: For versions prior to 1.5.11, update to version 1.5.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin-ajax.php" API endpoint or avoiding the use of the widget id parameter until the update is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2015-9436

Affected Products: Dynamic Widgets