WordPress plugin Gravity Forms CSS Themes with Fontawesome and Placeholders 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...

WordPress plugin Live css 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-17060 · Unknown · Wpion Live Css

Name of the Vulnerable Software and Affected Versions: wpion Live css versions 1.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

CVE-2025-22373

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles This issue affects BASEC: from 14 Dec 2021...

WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability

CSRF to RCE vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Custom CSS, JS & PHP versions = 2.4.1...

CVE-2025-39601

Cross-Site Request Forgery CSRF vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through = 2.4.1...

CVE-2025-39601 WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability

Cross-Site Request Forgery CSRF vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through = 2.4.1...

CVE-2025-39601

The CVE-2025-39601 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WPFactory Custom CSS, JS & PHP. A CSRF flaw in versions n/a through 2.4.1 allows Remote Code Inclusion (RCE). The issue affects Custom CSS, JS & PHP versions n/a–2.4.1. The risk is rated h...

CVE-2025-3077

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Clickjacking

tarteaucitronjs is vulnerable to clickjacking. The vulnerability is due to improper validation of user-controlled CSS inputs for element dimensions, allowing attackers to overlay the viewport with malicious elements...

WordPress plugin Betheme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-16621 · WordPress · Wpfactory Custom Css

Name of the Vulnerable Software and Affected Versions: WPFactory Custom CSS, JS & PHP versions n/a through 2.4.1 Description: A Cross-Site Request Forgery CSRF issue allows Remote Code Inclusion. This is a critical issue that can be exploited remotely. Recommendations: For versions n/a through...

WordPress plugin Custom CSS, JS & PHP 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2025-22373

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles This issue affects BASEC: from 14 Dec 2021...

CVE-2025-22373

CVE-2025-22373 targets SicommNet BASEC (SaaS) and centers on Improper Neutralization of Input During Web Page Generation, i.e., a Reflected XSS vulnerability that can be triggered via input and HTTP query strings to render arbitrary HTML and alter CSS styles. Affected component is BASEC on SaaS, ...

CVE-2025-22373 XSS, HTML and Style injection on login page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles This issue affects BASEC: from 14 Dec 2021...

CVE-2025-22373 XSS, HTML and Style injection on login page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles This issue affects BASEC: from 14 Dec 2021...

CVE-2025-31395

Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...

WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin Easy Custom CSS versions = 1.0...

CVE-2025-31395

Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...