Vulnerabilities > Vivwebsolutions > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-26 CVE-2015-9437 Cross-Site Request Forgery (CSRF) vulnerability in Vivwebsolutions Dynamic Widgets
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.
network
low complexity
vivwebsolutions CWE-352
6.5
6.5
2019-09-26 CVE-2015-9436 Cross-site Scripting vulnerability in Vivwebsolutions Dynamic Widgets
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.
network
low complexity
vivwebsolutions CWE-79
5.4
5.4