Lucene search
K

190 matches found

OSV
OSV
added 2025/04/16 8:15 a.m.5 views

CVE-2025-3077

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7AI score0.0023EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.14 views

WordPress plugin Custom CSS, JS & PHP 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

9.6CVSS8.8AI score0.00288EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.4 views

WordPress plugin Betheme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6.6AI score0.0023EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/11 5:1 p.m.17 views

CVE-2025-31395

Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...

7.1CVSS7.2AI score0.00191EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/09 5:33 p.m.7 views

WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin Easy Custom CSS versions = 1.0...

7.1CVSS7.5AI score0.00191EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/04/09 5:15 p.m.11 views

CVE-2025-31395

Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...

7.1CVSS0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/09 4:10 p.m.21 views

CVE-2025-31395 WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2025/04/09 4:10 p.m.46 views

CVE-2025-31395

CVE-2025-31395: Cross-Site Request Forgery leading to Stored XSS in Easy Custom CSS (WordPress). Affected: Easy custom css by webriti (

7.1CVSS7.2AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/09 4:10 p.m.8 views

CVE-2025-31395 WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...

7.1CVSS7.2AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.5 views

PT-2025-15749 · Unknown · Easy Custom Css

Name of the Vulnerable Software and Affected Versions: Easy Custom CSS versions 1.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

7.1CVSS7.5AI score0.00191EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.5 views

WordPress plugin Easy Custom CSS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

7.1CVSS7.2AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2025/02/21 4:15 a.m.23 views

CVE-2024-13883

The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...

4.3CVSS0.00206EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/21 3:21 a.m.23 views

CVE-2024-13883 WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update

The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...

4.3CVSS0.00206EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/21 3:21 a.m.8 views

CVE-2024-13883 WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update

The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...

4.3CVSS4.3AI score0.00206EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/20 5:22 p.m.3 views

WordPress WPUpper Share Buttons plugin <= 3.51 - Cross-Site Request Forgery to Custom CSS Update vulnerability

Cross-Site Request Forgery to Custom CSS Update vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin WPUpper Share Buttons versions = 3.51...

4.3CVSS7AI score0.00206EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/22 3:15 p.m.5 views

CVE-2025-23578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...

7.1CVSS0.00378EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/22 2:29 p.m.5 views

CVE-2025-23578 WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...

7.1CVSS7.2AI score0.00378EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/22 2:29 p.m.15 views

CVE-2025-23578 WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...

7.1CVSS0.00378EPSS
Exploits0References1
CVE
CVE
added 2025/01/22 2:29 p.m.42 views

CVE-2025-23578

CVE-2025-23578 relates to NotFound Custom CSS Addons and is described as a Reflected XSS in the plugin’s web page generation. Affected versions are listed as not explicit in the initial document (noted as from n/a through 1.9.1). Red Hat’s CISA-facing entry reiterates the same description without...

7.1CVSS7.2AI score0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/22 12:0 a.m.2 views

WordPress plugin Custom CSS Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7.8AI score0.00378EPSS
Exploits0References2
Rows per page
Query Builder