Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | WordPress plugin Add Custom CSS and JS 安全漏洞 | 14 May 202400:00 | – | cnnvd |
 | CVE-2024-3903 Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF | 9 May 202406:00 | – | cvelist |
 | CVE-2024-3903 | 14 May 202415:42 | – | nvd |
 | WordPress Add Custom CSS and JS plugin <= 1.20 - Stored XSS via CSRF vulnerability | 15 May 202401:47 | – | patchstack |
| WordPress Add Custom CSS and JS Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF) | 15 May 202400:00 | – | patchstack |
 | PT-2024-28338 · WordPress · Add Custom Css/Js | 9 May 202400:00 | – | ptsecurity |
 | CVE-2024-3903 | 23 May 202508:35 | – | redhatcve |
 | CVE-2024-3903 Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF | 9 May 202406:00 | – | vulnrichment |
 | Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024) | 25 Apr 202415:56 | – | wordfence |
 | Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF | 18 Apr 202400:00 | – | wpexploit |
10
Node
[
{
"vendor": "Unknown",
"product": "Add Custom CSS and JS",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.20"
}
],
"defaultStatus": "affected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| js_adminpanel | request body | wp-admin/options-general.php?page=custom_js_css | CSRF vulnerability allowing stored XSS via crafted POST payloads when an admin visits a page, due to insufficient CSRF protection and sanitisation/escaping. | CWE-352 |
| js_frontend | request body | wp-admin/options-general.php?page=custom_js_css | CSRF vulnerability allowing stored XSS via crafted POST payloads when an admin visits a page, due to insufficient CSRF protection and sanitisation/escaping. | CWE-352 |
| js_login | request body | wp-admin/options-general.php?page=custom_js_css | CSRF vulnerability allowing stored XSS via crafted POST payloads when an admin visits a page, due to insufficient CSRF protection and sanitisation/escaping. | CWE-352 |
| css_admin | request body | wp-admin/options-general.php?page=custom_js_css | CSRF vulnerability allowing stored XSS via crafted POST payloads when an admin visits a page, due to insufficient CSRF protection and sanitisation/escaping. | CWE-352 |
| css_frontend | request body | wp-admin/options-general.php?page=custom_js_css | CSRF vulnerability allowing stored XSS via crafted POST payloads when an admin visits a page, due to insufficient CSRF protection and sanitisation/escaping. | CWE-352 |
| css_login | request body | wp-admin/options-general.php?page=custom_js_css | CSRF vulnerability allowing stored XSS via crafted POST payloads when an admin visits a page, due to insufficient CSRF protection and sanitisation/escaping. | CWE-352 |
| update | request body | wp-admin/options-general.php?page=custom_js_css | CSRF vulnerability allowing stored XSS via crafted POST payloads when an admin visits a page, due to insufficient CSRF protection and sanitisation/escaping. | CWE-352 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 May 2025 16:51Current
5.7Medium risk
Vulners AI Score5.7
CVSS 3.17.1
EPSS0.0015
SSVC