Code Injection Vulnerability in NotFound DigiWidgets Image Editor
CVE-2025-30580

10CRITICAL

Key Information:

Vendor: Notfound
Status: Digiwidgets Image Editor
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-30580?

The NotFound DigiWidgets Image Editor is susceptible to a code injection vulnerability, which may allow an attacker to execute arbitrary code on the server. This flaw arises from improper control over code generation, rendering systems using versions from n/a through 1.10 vulnerable to potential remote code inclusion attacks. Proper security measures and software updates are essential to mitigate this risk.

Affected Version(s)

DigiWidgets Image Editor <= 1.10

References

https://patchstack.com/database/wordpress/plugin/digiwidg...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 1, 2025

Notfound

What is CVE-2025-30580?

Affected Version(s)

References

CVSS V3.1

Timeline