A vulnerability, which was classified as problematic, was found in WidgetKit Plugin up to 2.5.4 on WordPress. This affects an unknown part of the component Widget. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-49074. It is possible to initiate the attack remotely. There is no exploit available.
