CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

CVE-2025-68878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

EUVD-2025-202013

Cross-Site Request Forgery CSRF vulnerability in Alex Prokopenko / JustCoded Just TinyMCE Custom Styles just-tinymce-styles allows Cross Site Request Forgery.This issue affects Just TinyMCE Custom Styles: from n/a through = 1.2.1...

CVE-2025-62871

Cross-Site Request Forgery CSRF vulnerability in Alex Prokopenko / JustCoded Just TinyMCE Custom Styles just-tinymce-styles allows Cross Site Request Forgery.This issue affects Just TinyMCE Custom Styles: from n/a through = 1.2.1...

CVE-2025-62871 WordPress Just TinyMCE Custom Styles plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Alex Prokopenko / JustCoded Just TinyMCE Custom Styles just-tinymce-styles allows Cross Site Request Forgery.This issue affects Just TinyMCE Custom Styles: from n/a through = 1.2.1...

CVE-2025-62871

CVE-2025-62871 : CSRF in the WordPress plugin “Just TinyMCE Custom Styles” (JustCoded) affects versions n/a through 1.2.1. The CVE entry states a Cross-Site Request Forgery vulnerability with a CVSS v3.1 base score of 4.3 (Network, Low attack complexity, User interaction required). Connected sour...

WordPress plugin Just TinyMCE Custom Styles 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress Just TinyMCE Custom Styles plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Just TinyMCE Custom Styles versions = 1.2.1...

EUVD-2023-28059

Malicious code in bioql PyPI...

CVE-2023-23995

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin = 1.1.2 versions...

CVE-2023-2967

The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-2967

The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-2967

The CVE-2023-2967 entry concerns the TinyMCE Custom Styles WordPress plugin (versions prior to 1.1.4). The connected sources confirm that the issue arises from insufficient sanitization/escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even ...

WordPress plugin TinyMCE Custom Styles 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

PT-2023-22355 · WordPress · Tinymce Custom Styles

Name of the Vulnerable Software and Affected Versions: TinyMCE Custom Styles WordPress plugin versions prior to 1.1.4 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to "Settings" » "TinyMCE Custom Styles"...

CVE-2023-23995

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin = 1.1.2 versions...

CVE-2023-23995

CVE-2023-23995 affects the WordPress TinyMCE Custom Styles plugin (versions

CVE-2023-23995 WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin = 1.1.2 versions...