PT-2023-10279 · WordPress · Dynamic Widgets Plugin
Published
2023-04-10
·
Updated
2024-11-27
·
CVE-2015-10100
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Dynamic Widgets Plugin versions 1.5.10 and earlier
Description
A critical issue has been found in the Dynamic Widgets Plugin, affecting some unknown processing of the file classes/dynwid class.php. The manipulation leads to sql injection. The attack may be initiated remotely.
Recommendations
For versions 1.5.10 and earlier, upgrade to version 1.5.11 to address this issue. As a temporary workaround, consider restricting access to the file classes/dynwid class.php until the upgrade is applied.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dynamic Widgets Plugin