Vulnerabilities > Bootstrapped > Dynamic Widgets > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-28 | CVE-2021-24933 | Cross-site Scripting vulnerability in Bootstrapped Dynamic Widgets The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term_tree AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting issue | 5.4 |