HIGH
totalbounty
CVE published 2026-07-08
CVE-2026-14158
The Widget Logic Visual plugin for WordPress has a Remote Code Execution vulnerability in all versions up to, and including, 1.52. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action combined with insufficient sanitization of the 'nwlv[cod-tag]' parameter. The vulnerability exists in the widget_logic_visual_check_visibility function, allow [truncated]