Description
WordPress Plugin Essential Widgets is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change plugin's configuration. WordPress Plugin Essential Widgets version 1.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.9 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:181A729E-FFFE-457C-9E8D-A4343FD2E630
https://plugins.svn.wordpress.org/essential-widgets/trunk/README.txt
Related Vulnerabilities
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19594)
Oracle JRE CVE-2014-2428 Vulnerability (CVE-2014-2428)
WordPress Plugin Salon Booking System Cross-Site Scripting (6.3)
WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1)
WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.3.3)