CVE-2019-11886

The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access...

EUVD-2021-11846

Malware in sbrugna...

EUVD-2022-36997

Malicious code in bioql PyPI...

CVE-2022-33961

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...

CVE-2021-24934

The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

CVE-2024-47348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through = 7.6.4...

CVE-2024-47348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through = 7.6.4...

CVE-2024-47348 WordPress Visual CSS Style Editor plugin <= 7.6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.4...

WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.6.1 is vulnerable to Cross Site Scripting (XSS)

Software YellowPencil Visual CSS Style Editor Type Plugin Vulnerable versions = 7.6.1 Fixed in 7.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43963 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8ac87b1f76e Credits Le Ngoc Anh...

CVE-2022-33961

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...

CVE-2022-33961

CVE-2022-33961 is an admin+ authenticated Stored XSS in the WordPress YellowPencil Visual CSS Style Editor plugin (

WordPress plugin Visual CSS Style Editor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.5.8 is vulnerable to Cross Site Scripting (XSS)

Software YellowPencil Visual CSS Style Editor Type Plugin Vulnerable versions = 7.5.8 Fixed in 7.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-33961 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 3f9f31524979 Credits...

YellowPencil Visual CSS Style Editor < 7.5.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...

WordPress Visual CSS Style Editor plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Visual CSS Style Editor plugin in versions prior to 7.5.4 has a cross-site scripting vulnerability that stems from not cleaning up and escaping the wyppagetype parameter. An attacker...

CVE-2021-24934

The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

Cross site scripting

The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

CVE-2021-24934

The Visual CSS Style Editor WordPress plugin for versions before 7.5.4 is vulnerable to a Reflected Cross-Site Scripting (XSS) due to improper sanitization/escaping of the wyp_page_type parameter in admin output. This can enable injection of JavaScript via the parameter, as documented by the Nucl...

Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=yellow-pencil-editor=1pageid=homepagetype=homemode=singlepagetype=...