5747 matches found
CVE-2021-4418 Custom CSS, JS & PHP <= 2.0.7 - Cross-Site Request Forgery Bypass
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save code snippets via a forged...
Instant CSS < 1.2.2 - Theme/CSS/Minify/Preprocessor Data Update via CSRF
Description: The plugin does not have CSRF checks when updating its Theme, CSS, Minify and Preprocessor data, which could allow attackers to make logged-in admins perform such actions via CSRF attacks...
Instant CSS < 1.1.5 - Subscriber+ Unauthorised AJAX Calls
Description: The plugin does not have authorisation in various AJAX actions, allowing any authenticated user, such as a subscriber, to call them and modify/access theme and CSS data, for example. It could also lead to Stored XSS issues...
Improper Input Validation
postcss is vulnerable to Improper Input Validation. The vulnerability is due to the RE_BAD_BRACKET regular expression in tokenize.js, which does not account for carriage returns (\r). This means that any CSS containing a carriage return character \r would not be matched by this regular expression, potentially allowing...
The Post Grid < 7.2.8 - Block CSS Update via CSRF
Description: The plugin does not have a CSRF check when updating its block CSS, which could allow attackers to make logged-in admins perform such an action via a CSRF attack...
CVE-2023-44243
Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions...
CVE-2023-44243 WordPress Instant CSS Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions...
CVE-2023-44243
CVE-2023-44243 affects the WordPress plugin Instant CSS (versions up to and including 1.2.1). It is a Cross-Site Request Forgery (CSRF) vulnerability that could allow an unauthenticated attacker to trigger admin actions when a user visits a malicious page. Patch: fixed in 1.2.2. Severity is repor...
WordPress Plugin Instant CSS Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-29167 · Dylan Blokhuis · Instant Css
Name of the Vulnerable Software and Affected Versions: Dylan Blokhuis Instant CSS plugin versions <= 1.2.1. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
GHSA-7FH5-64P2-3V2J PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face font:\r/; in a rule. This vulnerability affects linters using PostCSS to parse external untrusted CSS. An...
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face font:\r/; in a rule. This vulnerability affects linters using PostCSS to parse external untrusted CSS. An...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
DEBIAN-CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
Code injection
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
UBUNTU-CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...