9 matches found
CVE-2025-12354
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2025-12354
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2025-12354 Live CSS Preview <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2025-12354 Live CSS Preview <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access an...
EUVD-2025-201359
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxfrontendsave' AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2025-12354
CVE-2025-12354 affects WordPress plugin Live CSS Preview. A missing capability check on the AJAX action wp_ajax_frontend_save permits authenticated users with Subscriber+ privileges to modify the plugin CSS settings, across versions up to 2.0.0. Impact is unauthorized modification of data via the...
WordPress plugin Live CSS Preview 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-49225
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax frontend save' AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access...
WordPress Live CSS Preview plugin <= 2.1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Live CSS Preview versions = 2.1.4...