Sensitive Data Exposure in MarketingFire Widget Options by WordPress
CVE-2024-35690

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Widget Options
Vendor: CVE Published:; 17 June 2026

What is CVE-2024-35690?

The MarketingFire Widget Options plugin for WordPress has a vulnerability that permits the insertion and retrieval of sensitive information through improperly handled data. This issue could allow unauthorized access to embedded data sent through the widget options. Affected versions range from n/a to 4.0.1. Users should review their configurations and update to secure their information.

Affected Version(s)

Widget Options <= 4.0.1

References

https://patchstack.com/database/wordpress/plugin/widget-o...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
May 17, 2024

Credit

Dave Jong | Patchstack

CVE-2024-35690 Data

JSON