Skip to main content

Widget Wrangler

1 CVEs product

Monthly

CVE-2026-25447 CRITICAL Act Now

A Code Injection vulnerability (CWE-94) exists in the Jonathan Daggerhart Widget Wrangler WordPress plugin through version 2.3.9, allowing unauthenticated attackers to execute arbitrary code on affected installations. This Remote Code Execution (RCE) vulnerability enables complete server compromise and data exfiltration. Active exploitation has been documented by Patchstack, indicating this is a practical, real-world threat requiring immediate patching.

Code Injection RCE Widget Wrangler
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
EPSS 0% CVSS 9.1
CRITICAL Act Now

A Code Injection vulnerability (CWE-94) exists in the Jonathan Daggerhart Widget Wrangler WordPress plugin through version 2.3.9, allowing unauthenticated attackers to execute arbitrary code on affected installations. This Remote Code Execution (RCE) vulnerability enables complete server compromise and data exfiltration. Active exploitation has been documented by Patchstack, indicating this is a practical, real-world threat requiring immediate patching.

Code Injection RCE Widget Wrangler
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy