21 matches found
CVE-2019-11886
The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access...
EUVD-2021-11846
Malware in sbrugna...
EUVD-2022-36997
Malicious code in bioql PyPI...
CVE-2022-33961
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...
CVE-2021-24934
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2024-47348
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through = 7.6.4...
CVE-2024-47348
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through = 7.6.4...
CVE-2024-47348 WordPress Visual CSS Style Editor plugin <= 7.6.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.4...
CVE-2022-33961
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...
CVE-2022-33961
CVE-2022-33961 is an admin+ authenticated Stored XSS in the WordPress YellowPencil Visual CSS Style Editor plugin (
WordPress plugin Visual CSS Style Editor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
YellowPencil Visual CSS Style Editor < 7.5.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...
WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.5.8 is vulnerable to Cross Site Scripting (XSS)
Software YellowPencil Visual CSS Style Editor Type Plugin Vulnerable versions = 7.5.8 Fixed in 7.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-33961 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 3f9f31524979 Credits...
CVE-2021-24934
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
Cross site scripting
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24934
The Visual CSS Style Editor WordPress plugin for versions before 7.5.4 is vulnerable to a Reflected Cross-Site Scripting (XSS) due to improper sanitization/escaping of the wyp_page_type parameter in admin output. This can enable injection of JavaScript via the parameter, as documented by the Nucl...
Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=yellow-pencil-editor=1pageid=homepagetype=homemode=singlepagetype=...
CVE-2019-11886
The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access...
CVE-2019-11886
The CVE-2019-11886 entry concerns the WordPress plugin Yellow Pencil Visual Theme Customizer (WaspThemes Visual CSS Style Editor) versions prior to 7.2.1. The vulnerability arises from yp_option_update CSRF, demonstrated via yp_remote_get, enabling an unauthenticated attacker to obtain administra...