WordPress Widget Options Plugin OS Command Injection Vulnerability Allowing Arbitrary Code Execution

Vulnerability

An operating system command injection vulnerability has been identified in the WordPress Widget Options plugin, affecting versions through 4.1.0. It could lead to arbitrary code execution on the affected site.

Impact

Exploitation of this vulnerability could allow a malicious actor to execute arbitrary code on the affected WordPress site, potentially leading to a complete takeover of the site.

Remediation

Users of the WordPress Widget Options plugin should update to version 4.1.1 or later to address this vulnerability. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.