184 matches found
CVE-2025-31395
CVE-2025-31395: Cross-Site Request Forgery leading to Stored XSS in Easy Custom CSS (WordPress). Affected: Easy custom css by webriti (
CVE-2025-31395 WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS. This issue affects Easy Custom CSS: from n/a through <= 1.0...
WordPress plugin Easy Custom CSS cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-15749 · Unknown · Easy Custom Css
Name of the Vulnerable Software and Affected Versions: Easy Custom CSS versions 1.0 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
CVE-2024-13883
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
CVE-2024-13883 WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
WordPress WPUpper Share Buttons plugin <= 3.51 - Cross-Site Request Forgery to Custom CSS Update vulnerability
Cross-Site Request Forgery to Custom CSS Update vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin WPUpper Share Buttons versions <= 3.51...
CVE-2025-23578
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS. This issue affects Custom CSS Addons: from n/a through <= 1.9.1...
CVE-2025-23578 WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS. This issue affects Custom CSS Addons: from n/a through <= 1.9.1...
CVE-2025-23578
CVE-2025-23578 relates to NotFound Custom CSS Addons and is described as a Reflected XSS in the plugin’s web page generation. Affected versions are listed as not explicit in the initial document (noted as from n/a through 1.9.1). Red Hat’s CISA-facing entry reiterates the same description without...
WordPress plugin Custom CSS Addons cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Custom CSS Addons versions <= 1.9.1...
CVE-2024-11330
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-11330 Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
PT-2024-16915 · WordPress · Custom Css
Name of the Vulnerable Software and Affected Versions: Custom CSS, JS & PHP plugin for WordPress versions up to, and including, 2.3.0. Description: The issue arises from the use of add_query_arg and remove_query_arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. Thi...
WordPress Custom CSS, JS & PHP plugin <= 2.3.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Custom CSS, JS & PHP versions <= 2.3.0...
WordPress Custom CSS, JS & PHP Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Custom CSS, JS & PHP; Type: Plugin; Vulnerable versions: <= 2.3.0; Fixed in: 2.4.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11330; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 56e1a6085112; Credits: vgo0; Require...