WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Widget Options safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Widget Options WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: widget-options
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.0.2 [CVE-2024-35690, WordPress Widget Options Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure, WordPress Widget Options Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure]
  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.0.2 [CVE-2024-35691, Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure]
  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.0.8 [CVE-2024-8672, Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution, WordPress Widget Options Plugin <= 4.0.7 is vulnerable to Remote Code Execution (RCE)]
  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.0.8 [CVE-2024-56219, WordPress Widget Options Plugin <= 4.0.6.1 is vulnerable to Broken Access Control, Widget Options <= 4.0.6.1 - Missing Authorization]
  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.0.9 [CVE-2025-22722, Widget Options <= 4.0.8 - Missing Authorization to Notice Dismissal, EUVD-2025-2943]
+ 5 more known vulnerabilities
  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.1.1 [CVE-2025-22630, Widget Options <= 4.1.0 - Authenticated (Contributor+) Remote Code Execution, EUVD-2025-2895]
  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.1.3 [CVE-2025-10580, EUVD-2025-35925, Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.2.0 [CVE-2026-27984, Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets <= 4.1.3 - Authenticated (Contributor+) Remote Code Execution]
  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.2.3 [CVE-2026-2052, Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic, EUVD-2026-26754]
  • Widget Options – Advanced Conditional Visibility for Gutenberg Blocks &amp; Classic Widgets [widget-options] < 4.2.4 [CVE-2026-54823, Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets <= 4.2.3 - Authenticated (Contributor+) Remote Code Execution]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.