18 matches found
CVE-2026-6565
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...
CVE-2026-6565 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...
CVE-2026-6565 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...
CVE-2026-6565
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress (WordPress plugin family) contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin-facing endpoint /wp-json/agwp/v1/tokens/save. Affects versions up to 2.5.0; root cause i...
EUVD-2026-32037
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...
WordPress plugin Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Style Kits for Elementor plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Style Kits versions = 2.5.0...
EUVD-2021-34228
Malicious code in bioql PyPI...
CVE-2021-4401
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...
CVE-2021-4401
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...
CVE-2021-4401
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...
Cross site request forgery (csrf)
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...
CVE-2021-4401 Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...
CVE-2021-4401
The CVE pertains to the WordPress Style Kits plugin, affected versions up to and including 1.8.0. The root cause is missing or incorrect nonce validation in the update_posts_stylekit() function, enabling Cross‑Site Request Forgery (CSRF). This allows unauthenticated attackers to update style kits...
CVE-2021-4401 Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...
PT-2023-12513 · WordPress · Style Kits
Name of the Vulnerable Software and Affected Versions: The Style Kits plugin for WordPress versions up to, and including, 1.8.0 Description: The issue is due to missing or incorrect nonce validation on the update posts stylekit function, making it possible for unauthenticated attackers to update...
WordPress Plugin Style Kits 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Style Kits plugin <= 1.8.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress Style Kits plugin versions = 1.8.0. Solution Update the WordPress Style Kits plugin to the latest available version at least 1.8.1...