CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

184 matches found

NVD•added 2025/11/05 5:15 a.m.•2 views

CVE-2025-11162

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4CVSS0.00034EPSS

Exploits0References3

Cvelist•added 2025/11/05 4:36 a.m.•6 views

CVE-2025-11162 Spectra <= 2.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom CSS

6.4CVSS0.00034EPSS

Exploits0References3

CVE•added 2025/11/05 4:36 a.m.•36 views

CVE-2025-11162

CVE-2025-11162 affects Spectra Gutenberg Blocks – Website Builder for the Block Editor (WordPress plugin family). A stored cross-site scripting vulnerability exists via Custom CSS in all versions up to 2.19.14 (authenticated attacker with Contributor+ privileges can inject scripts executed on pag...

6.4CVSS4.7AI score0.00034EPSS

Exploits0References3

Vulnrichment•added 2025/11/05 4:36 a.m.•2 views

CVE-2025-11162 Spectra <= 2.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom CSS

6.4CVSS4.7AI score0.00034EPSS

Exploits0References3

EUVD•added 2025/10/22 3:31 p.m.•2 views

EUVD-2025-35564

Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through = 1.4.0...

6.5CVSS6.5AI score0.00055EPSS

Exploits0References2

NVD•added 2025/10/22 3:15 p.m.•1 views

CVE-2025-48096

6.5CVSS0.00055EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•4 views

CVE-2025-48096

CVE-2025-48096 is a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin “Custom CSS” (custom-css-editor) for versions up to and including 1.4.0. Public records from Red Hat and Patchstack confirm the issue stems from incorrectly configured access control, affecting t...

6.5CVSS6.6AI score0.00055EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•1 views

CVE-2025-48096 WordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerability

6.5CVSS6.6AI score0.00055EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•7 views

CVE-2025-48096 WordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerability

6.5CVSS0.00055EPSS

Exploits0References1

CNNVD•added 2025/10/22 12:0 a.m.•1 views

WordPress plugin Custom CSS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS6.6AI score0.00055EPSS

Exploits0References1

Positive Technologies•added 2025/10/22 12:0 a.m.•3 views

PT-2025-43158

Name of the Vulnerable Software and Affected Versions FRESHFACE Custom CSS versions through 1.4.0 Description An authorization issue exists in the FRESHFACE Custom CSS custom-css-editor, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update...

6.5CVSS6.5AI score0.00055EPSS

Exploits0References4