CVE-2025-23578

CVE-2025-23578 relates to NotFound Custom CSS Addons and is described as a Reflected XSS in the plugin’s web page generation. Affected versions are listed as not explicit in the initial document (noted as from n/a through 1.9.1). Red Hat’s CISA-facing entry reiterates the same description without...

WordPress plugin Custom CSS Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Malicious code in zd-css-bedrock (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f5ed19a04835661c3c757cb19d1a1a55f869af076879b44b2c84cd0e66f9fd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-263 Malicious code in zd-css-bedrock (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f5ed19a04835661c3c757cb19d1a1a55f869af076879b44b2c84cd0e66f9fd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Roundcube Webmail 1.5.x < 1.5.8 Multiples Vulnerabilities

According to its self-reported version number, Roundcube Webmail is prior to 1.5.8 or 1.6.x prior to 1.6.8. Therefore, it may be affected by multiple vulnerabilities : - A Cross-Site Scripting XSS in rcmailactionmailget-run. - A Cross-Site Scripting XSS via a crafted e-mail message that abuses a...

WordPress WOW Best CSS Compiler plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WOW Best CSS Compiler versions = 2.0.2...

WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Custom CSS Addons versions = 1.9.1...

CVE-2024-12249

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2024-12249 GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2024-12249 GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

WordPress GS Insever Portfolio plugin <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection vulnerability

Missing Authorization to Authenticated Subscriber+ CSS Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Insever Portfolio versions = 1.4.5...

SUSE CVE-2024-56705

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for rgbydata memory allocation failure In iacss3astatisticsallocate, there is no check on the allocation result of the rgbydata memory. If rgbydata is not successfully allocated, it may trigger the...

CVE-2023-38483

Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4...

CVE-2023-38483

Missing Authorization vulnerability in dylanblokhuis Instant CSS instant-css allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through = 1.1.4...

CVE-2023-38483 WordPress Instant CSS plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in dylanblokhuis Instant CSS instant-css allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through = 1.1.4...

CVE-2023-38483 WordPress Instant CSS plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4...

WordPress plugin Instant CSS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-12732 · Unknown · Instant Css

Name of the Vulnerable Software and Affected Versions: Instant CSS versions 1.1.4 and earlier Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. This is a broken access control issue that can be exploited by...

PT-2024-17422 · WordPress · Wp Media Optimizer (.Webp) Plugin

Name of the Vulnerable Software and Affected Versions: WP Media Optimizer .webp plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated...

WordPress plugin WP Media Optimizer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...