183 matches found
EUVD-2024-36480
Malicious code in bioql PyPI...
EUVD-2025-3260
Malicious code in bioql PyPI...
EUVD-2024-43300
Malicious code in bioql PyPI...
CVE-2025-5699
The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-5699
CVE-2025-5699 involves the Developer Formatter WordPress plugin. A stored cross-site scripting (XSS) flaw exists in Custom CSS handling across all versions up to 2015.0.2.1, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admin-level access and c...
CVE-2024-49230
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in harry005 Ajax Custom CSS/JS ajax-awesome-css allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through = 2.0.4...
CVE-2024-7410
The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. This is due the plugin not preventing direct access to the /my-custom-css/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php file and and the file...
CVE-2021-24518
The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...
CVE-2019-5984
Cross-site request forgery CSRF vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2025-39601
Cross-Site Request Forgery CSRF vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through = 2.4.1...
WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability
CSRF to RCE vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Custom CSS, JS & PHP versions = 2.4.1...
CVE-2025-39601
Cross-Site Request Forgery CSRF vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through = 2.4.1...
CVE-2025-39601
The CVE-2025-39601 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WPFactory Custom CSS, JS & PHP. A CSRF flaw in versions n/a through 2.4.1 allows Remote Code Inclusion (RCE). The issue affects Custom CSS, JS & PHP versions n/a–2.4.1. The risk is rated h...
CVE-2025-3077
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Custom CSS, JS & PHP 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Betheme 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-31395
Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...
WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin Easy Custom CSS versions = 1.0...
CVE-2025-31395
Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...
CVE-2025-31395
CVE-2025-31395: Cross-Site Request Forgery leading to Stored XSS in Easy Custom CSS (WordPress). Affected: Easy custom css by webriti (