Someone just submitted a patch to bump smarty version - https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Widgets/+/891299
Widgets is using a ~ operator on the version, so you may have an up to date version if you ran composer update recently.
However, the vulns in question are pretty bad. Not all of them apply to Widgets, but i was able to reproduce the RCE from CVE-2022-29221 (Assuming you can edit widgets). There were several other vulns listed in those versions, and i didn't look in detail. I think in practise many sites are vulnerable to this. At the very least, mediawikiwidgets.com appears to be (Based on Smarty version listed at Special:Version).
I think we should make a security announcement for this extension, and possibly a version bump to the extension in general (?).