Security information about WordPress

Posted at Monday, December 02, 2024

There is a critical vulnerability in the WordPress plugin Widget Options (versions 4.0.7 and below).
By exploiting this vulnerability, users with contributor or higher privileges can execute arbitrary code.

Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution
(https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/widget-options/widget-options-the-1-wordpress-widget-block-control-plugin-407-authenticated-contributor-remote-code-execution)