190 matches found
CVE-2025-3077
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Custom CSS, JS & PHP 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Betheme 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-31395
Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...
WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin Easy Custom CSS versions = 1.0...
CVE-2025-31395
Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...
CVE-2025-31395 WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...
CVE-2025-31395
CVE-2025-31395: Cross-Site Request Forgery leading to Stored XSS in Easy Custom CSS (WordPress). Affected: Easy custom css by webriti (
CVE-2025-31395 WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through = 1.0...
PT-2025-15749 · Unknown · Easy Custom Css
Name of the Vulnerable Software and Affected Versions: Easy Custom CSS versions 1.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
WordPress plugin Easy Custom CSS 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2024-13883
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
CVE-2024-13883 WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
CVE-2024-13883 WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update
The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'savecustomcssrequest' function. This makes it possible for unauthenticated attackers to inject custom...
WordPress WPUpper Share Buttons plugin <= 3.51 - Cross-Site Request Forgery to Custom CSS Update vulnerability
Cross-Site Request Forgery to Custom CSS Update vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin WPUpper Share Buttons versions = 3.51...
CVE-2025-23578
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...
CVE-2025-23578 WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...
CVE-2025-23578 WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...
CVE-2025-23578
CVE-2025-23578 relates to NotFound Custom CSS Addons and is described as a Reflected XSS in the plugin’s web page generation. Affected versions are listed as not explicit in the initial document (noted as from n/a through 1.9.1). Red Hat’s CISA-facing entry reiterates the same description without...
WordPress plugin Custom CSS Addons 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...