WordPress Visual CSS Style Editor plugin <= 7.5.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Visual CSS Style Editor plugin versions <= 7.5.3. Solution: Update the WordPress Visual CSS Style Editor plugin to the latest available version (at least 7.5.4)...
Visual CSS Style Editor < 7.5.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/admin.php?page=yellow-pencil-editor=1pageid=homepagetype=homemode=singlepagetype=...
WordPress WaspThemes Visual CSS Style Editor Plugin < 7.2.1 CSRF Vulnerability
The WordPress plugin...
CVE-2019-11886
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access...
Cross site request forgery (csrf)
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access...
CVE-2019-11886
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access...
CVE-2019-11886
The CVE-2019-11886 entry concerns the WordPress plugin Yellow Pencil Visual Theme Customizer (WaspThemes Visual CSS Style Editor) versions prior to 7.2.1. The vulnerability arises from yp_option_update CSRF, demonstrated via yp_remote_get, enabling an unauthenticated attacker to obtain administra...
CVE-2019-11886
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access...
WordPress YellowPencil Visual CSS Style Editor plugin <= 7.2.0 - Unauthenticated arbitrary Options update vulnerability
Unauthenticated arbitrary Options update vulnerability found in WordPress YellowPencil Visual CSS Style Editor plugin versions <= 7.2.0. Solution: 12 April 2019 - this plugin was closed and is no longer available for download...
YellowPencil Visual CSS Style Editor <= 7.2.0 - Unauthenticated Arbitrary Options Updates
The Visual CSS Style Editor WordPress plugin was affected by an Unauthenticated Arbitrary Options Updates security vulnerability...
VulnCheck KEV: CVE-2019-11886
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access...