Home / Vulnerability Intelligence / CVE-2026-25447

CVE-2026-25447 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 25, 2026

Jonathan Daggerhart Widget Wrangler - Code Injection

Published: March 25, 2026Updated: March 25, 2026Remote Exploitable

Overview

Jonathan Daggerhart Widget Wrangler <= 2.3.9 contains a code injection vulnerability caused by improper control of code generation, letting attackers inject and execute arbitrary code, exploit requires crafted input.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 4.4%(Probability of exploitation in next 30 days)

Impact

Attackers can inject and execute arbitrary code, potentially leading to full system compromise.

Mitigation

Update to the latest version beyond 2.3.9.

References

https://patchstack.com/database/Wordpress/Plugin/widget-wrangler/vulnerability/wordpress-widget-wrangler-plugin-2-3-9-remote-code-execution-rce-vulnerability?_s_id=cve

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 25, 2026

🔴 CVE-2026-25447 - Critical (9.1) Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through <= 2.3.9. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25447/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-25447
Severity: Critical
CVSS Score: 9.1
Type: command_injection
Status: new
EPSS: 4.4%
Social Posts: 1

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

4.4%Probability of exploitation in the next 30 days