PatchSiren

totalbounty CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH totalbounty CVE published 2026-07-08

CVE-2026-14158

The Widget Logic Visual plugin for WordPress has a Remote Code Execution vulnerability in all versions up to, and including, 1.52. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action combined with insufficient sanitization of the 'nwlv[cod-tag]' parameter. The vulnerability exists in the widget_logic_visual_check_visibility function, allow [truncated]