CVE-2026-2027 AMP Enhancer <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

WordPress AMP Enhancer plugin <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via AMP Custom CSS Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin AMP Enhancer Compatibility Layer for Official AMP Plugin versions = 1.0.49...

CVE-2025-41768

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

CVE-2023-29112

The SAP Application Interface Message Monitoring - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limite...

CVE-2025-23578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...

CVE-2025-68878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

CVE-2025-68878

CVE-2025-68878 is a reflected XSS vulnerability in the Advanced Custom CSS WordPress plugin, caused by Improper Neutralization of Input During Web Page Generation. It affects Advanced Custom CSS versions up to 1.1.0 (no details on fixed version provided in the documents). The CVSS 3.1 metrics ind...

PT-2025-53749

Name of the Vulnerable Software and Affected Versions Prasadkirpekar Advanced Custom CSS versions through 1.1.0 Description The software contains a flaw related to improper input handling during web page creation, which allows for Reflected Cross-Site Scripting XSS. This means an attacker could...

WordPress plugin Advanced Custom CSS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Advanced Custom CSS versions = 1.1.0...

CVE-2025-11267

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'veucustomcss' parameter in all versions up to, and including, 9.112.1. This is due to insufficient input sanitization and output escaping on the user-supplied Custom CSS value. This makes i...

EUVD-2025-197955

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'veucustomcss' parameter in all versions up to, and including, 9.112.1. This is due to insufficient input sanitization and output escaping on the user-supplied Custom CSS value. This makes i...

CVE-2025-11267

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'veucustomcss' parameter in all versions up to, and including, 9.112.1. This is due to insufficient input sanitization and output escaping on the user-supplied Custom CSS value. This makes i...

CVE-2025-11267

The VK All in One Expansion Unit WordPress plugin is affected by a Stored XSS in the _veu_custom_css value across versions up to 9.112.1. The vulnerability stems from insufficient input sanitization and output escaping, enabling authenticated attackers with Contributor-level access or higher to i...

CVE-2025-11162

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

CVE-2025-11162

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...