| Description: | | WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin Widget Options 4.0.7 and earlier has a remote code execution vulnerability. The vulnerability allows an authenticated contributor or user with higher privileges to execute arbitrary PHP code on a server. The vulnerability stems from an unregulated use of the widgetopts_safe_eval() function, which computes user-supplied input directly while processing logic, allowing an attacker to inject and execute arbitrary PHP code. |