DigiWidgets Image Editor <= 1.10 is vulnerable to Remote Code Execution (RCE) Vulnerability

Unauthenticated

Published
2025-03-31

The DigiWidgets Image Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10. This makes it possible for unauthenticated attackers to execute code on the server.

CVE

https://www.cve.org/CVERecord?id=CVE-2025-30580

CVSS

Score:10

Severity:Critical

Version: 1.10

The plugin vendor has not patched this vulnerability at the moment.