Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | WordPress plugin Add Custom CSS and JS 安全漏洞 | 14 May 202400:00 | – | cnnvd |
 | CVE-2024-3903 Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF | 9 May 202406:00 | – | cvelist |
 | CVE-2024-3903 | 14 May 202415:42 | – | nvd |
 | CVE-2024-3903 | 14 May 202415:42 | – | osv |
 | WordPress Add Custom CSS and JS plugin <= 1.20 - Stored XSS via CSRF vulnerability | 15 May 202401:47 | – | patchstack |
| WordPress Add Custom CSS and JS Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF) | 15 May 202400:00 | – | patchstack |
 | PT-2024-28338 · WordPress · Add Custom Css/Js | 9 May 202400:00 | – | ptsecurity |
 | CVE-2024-3903 | 23 May 202508:35 | – | redhatcve |
 | CVE-2024-3903 Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF | 9 May 202406:00 | – | vulnrichment |
 | Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024) | 25 Apr 202415:56 | – | wordfence |
10
Node
[
{
"vendor": "Unknown",
"product": "Add Custom CSS and JS",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.20"
}
],
"defaultStatus": "affected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| js_frontend | request body | /wp-admin/options-general.php?page=custom_js_css | Stored XSS via CSRF due to missing CSRF checks and sanitisation | CWE-352 |
| js_login | request body | /wp-admin/options-general.php?page=custom_js_css | Stored XSS via CSRF due to missing CSRF checks and sanitisation | CWE-352 |
| css_frontend | request body | /wp-admin/options-general.php?page=custom_js_css | Stored XSS via CSRF due to missing CSRF checks and sanitisation | CWE-352 |
| css_login | request body | /wp-admin/options-general.php?page=custom_js_css | Stored XSS via CSRF due to missing CSRF checks and sanitisation | CWE-352 |
| js_frontend | request body | /wp-admin/options-general.php?page=custom_js_css | Stored XSS payloads injected via CSRF-enabled POST | CWE-352 |
| js_login | request body | /wp-admin/options-general.php?page=custom_js_css | Stored XSS payloads injected via CSRF-enabled POST | CWE-352 |
| css_frontend | request body | /wp-admin/options-general.php?page=custom_js_css | Stored XSS payloads injected via CSRF-enabled POST | CWE-352 |
| css_login | request body | /wp-admin/options-general.php?page=custom_js_css | Stored XSS payloads injected via CSRF-enabled POST | CWE-352 |
| js_adminpanel | request body | /wp-admin/options-general.php?page=custom_js_css | Potential CSRF parameter exposure enabling modifier payloads | CWE-352 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 07:45Current
5.7Medium risk
Vulners AI Score5.7
CVSS 3.17.1
EPSS0.00212
SSVC