Can a widget with the wrong code imbeded be a security risk?

I am needing help classifying a bug. I am self taught and never learned the cool code names yall use.


Secure log in page

Can not screen shot or record

Sensitive information

press widget

Widget should output sound for 2 seconds or less

Widget instead plays something not intended for 1 min.

Widget behaves this way on every device, pc, and cross site when linked

So it has to be imbeded in the web hosts framework?

I been trying to explain it to a tech group and they ignore me because i sound like an idiot to them