Remote Code Execution Vulnerability in Widget Options by WordPress
CVE-2026-54823

9.9CRITICAL

Key Information:

Vendor

WordPress

Vendor
CVE Published:
25 June 2026

What is CVE-2026-54823?

A remote code execution vulnerability exists in the Widget Options plugin for WordPress, specifically affecting versions 4.2.3 and earlier. This flaw allows attackers to execute arbitrary code on the server, posing significant risks to the integrity and confidentiality of affected sites. Websites utilizing these versions of Widget Options are strongly advised to update promptly and ensure that security measures are in place to mitigate any potential exploitation.

Affected Version(s)

Widget Options <= 4.2.3

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
.