← back
CVE-2025-49029

WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability

CVSS 9.1 CRITICALEPSS 2.1%CWE-94
Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through <= 1.0.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
bitto.kazi · Custom Login And Signup Widget
public PoCs found1
githubgithub.com/Nxploited/CVE-2025-490292
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/Wordpress/Plugin/custom-login-and-signup-widget/vulnerability/wordpress-custom-login-and-signup-widget-plugin-1-0-arbitrary-code-execution-vulnerability?_s_id=cve