Code Injection Vulnerability in Widget Logic Plugin by Widgetlogic.org
CVE-2025-32222

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Widget Logic
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-32222?

An improperly controlled generation of code vulnerability exists in the Widget Logic plugin by Widgetlogic.org. This flaw allows attackers to inject arbitrary code, potentially leading to remote code execution. Affected versions include Widget Logic up to and including 6.0.5, necessitating prompt attention to maintain the security of WordPress installations utilizing this plugin.

Affected Version(s)

Widget Logic <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/widg...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Apr 4, 2025

Credit

ch4r0n | Patchstack Bug Bounty Program

JSON