Primary

Context

WordPress Widget Options Plugin Code Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A code injection vulnerability has been identified in the WordPress Widget Options plugin, specifically in versions through 4.1.3. This vulnerability allows for remote code execution, enabling attackers to execute commands on the affected website, potentially leading to unauthorized access and control over the site.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected website, which could be used to gain backdoor access and full control over the site.

Remediation

Users are advised to update to a version of the WordPress Widget Options plugin later than 4.1.3. Patchstack has also issued a mitigation rule to block attacks targeting this vulnerability until an official patch can be safely applied.

Added: Mar 5, 2026, 7:06 AM

Updated: Mar 5, 2026, 7:06 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Widget Options Plugin Code Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating