190 matches found
EUVD-2018-17090
Malware in sbrugna...
EUVD-2019-15552
Malware in sbrugna...
EUVD-2021-11270
Malware in sbrugna...
EUVD-2021-11442
Malware in sbrugna...
EUVD-2021-11430
Malware in sbrugna...
EUVD-2024-43300
Malicious code in bioql PyPI...
EUVD-2024-36480
Malicious code in bioql PyPI...
EUVD-2025-10640
Malicious code in bioql PyPI...
EUVD-2023-32715
Malicious code in bioql PyPI...
EUVD-2025-3260
Malicious code in bioql PyPI...
CVE-2025-5699
The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-5699
CVE-2025-5699 involves the Developer Formatter WordPress plugin. A stored cross-site scripting (XSS) flaw exists in Custom CSS handling across all versions up to 2015.0.2.1, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admin-level access and c...
CVE-2024-49230
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in harry005 Ajax Custom CSS/JS ajax-awesome-css allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through = 2.0.4...
CVE-2024-7410
The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. This is due the plugin not preventing direct access to the /my-custom-css/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php file and and the file...
CVE-2021-24518
The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...
CVE-2019-5984
Cross-site request forgery CSRF vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2025-39601
Cross-Site Request Forgery CSRF vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through = 2.4.1...
WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability
CSRF to RCE vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Custom CSS, JS & PHP versions = 2.4.1...
CVE-2025-39601
Cross-Site Request Forgery CSRF vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through = 2.4.1...
CVE-2025-39601
The CVE-2025-39601 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WPFactory Custom CSS, JS & PHP. A CSRF flaw in versions n/a through 2.4.1 allows Remote Code Inclusion (RCE). The issue affects Custom CSS, JS & PHP versions n/a–2.4.1. The risk is rated h...