Inisev Ultimate Posts Widget — known CVE vulnerabilities
Every CVE whose affected-product data names Inisev Ultimate Posts Widget, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2024-0561 — CVSS 5.4 (medium): The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back…
CVE-2023-0958 — CVSS 4.3 (medium): Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the…
CVE-2023-3977 — CVSS 4.3 (medium): Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a…