WordPress Plugin Vulnerabilities
Widget Options <= 4.1.3 - Contributor+ Remote Code Execution
Description
The plugin is vulnerable to Remote Code Execution. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
Affects Plugins
No known fix References
Classification
Type
RCE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Drew Webber (mcdruid)
Verified
No
WPVDB ID
Timeline
Publicly Published
2026-03-02 (about 1 month ago)
Added
2026-03-12 (about 23 days ago)
Last Updated
2026-03-12 (about 23 days ago)
WPScan 