A vulnerability marked as critical has been reported in totalbounty Widget Logic Visual Plugin up to 1.52. This issue affects the function widget_logic_visual_check_visibility of the component Conditional Tag Handler. This manipulation of the argument nwlv[cod-tag] causes os command injection.

This vulnerability is registered as CVE-2026-14158. Remote exploitation of the attack is possible. No exploit is available.