48 matches found
CVE-2019-11886
The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access...
CVE-2025-48096
Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through = 1.4.0...
EUVD-2021-11846
Malware in sbrugna...
EUVD-2017-16773
Malware in sbrugna...
EUVD-2018-16892
Malware in sbrugna...
EUVD-2022-36997
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-7798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could...
CVE-2022-33961
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...
CVE-2021-24934
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2024-47348
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through = 7.6.4...
CVE-2024-47348
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through = 7.6.4...
CVE-2024-47348 WordPress Visual CSS Style Editor plugin <= 7.6.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.4...
WordPress Visual CSS Style Editor plugin <= 7.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin YellowPencil Visual CSS Style Editor versions = 7.6.1...
WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.6.1 is vulnerable to Cross Site Scripting (XSS)
Software YellowPencil Visual CSS Style Editor Type Plugin Vulnerable versions = 7.6.1 Fixed in 7.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43963 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8ac87b1f76e Credits Le Ngoc Anh...
CVE-2022-33961
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...
CVE-2022-33961
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...
CVE-2022-33961
CVE-2022-33961 is an admin+ authenticated Stored XSS in the WordPress YellowPencil Visual CSS Style Editor plugin (
WordPress plugin Visual CSS Style Editor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
YellowPencil Visual CSS Style Editor < 7.5.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...