CVE-2025-49029

CRITICAL NUCLEI

bitto.Kazi Custom Login And Signup Widget <1.0 - Code Injection

Title source: llm

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through <= 1.0.

Exploits (2)

nomisec WRITEUP 2 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-49029
github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-49029

Nuclei Templates (1)

WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution
HIGHVERIFIEDby pussycat0x
FOFA: body="/wp-content/plugins/custom-login-and-signup-widget/"

References (2)

Scores

CVSS v3 9.1
EPSS 0.0049
EPSS Percentile 65.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
bitto.kazi/Custom Login And Signup Widget < 1.0
Published Jul 01, 2025
Tracked Since Feb 18, 2026