Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation

The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...

CVE-2026-8424

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybbapisettings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored...

CVE-2026-8424

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybbapisettings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored...

WordPress plugin Remove Yellow BGBOX 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Remove Yellow BGBOX plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Yellow BGBOX versions = 1.0...

Security-Team---Workspace-

🛡️ Security Team Workspace El primer framework de cibersegur...

CVE-2018-10726

A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS...

EUVD-2025-120021

Malicious code in imperialchipmunkyellow-21 npm...

EUVD-2025-117242

Malicious code in massive-yellow-marten npm...

EUVD-2025-117094

Malicious code in silly-yellow-mammal npm...

EUVD-2025-117211

Malicious code in neat-yellow-flyingfish npm...

EUVD-2025-117494

Malicious code in chemical-yellow-gazelle npm...

EUVD-2025-117326

Malicious code in historical-yellow-walrus npm...

EUVD-2025-117079

Malicious code in spare-yellow-cow npm...

EUVD-2025-117146

Malicious code in puzzled-yellow-sole npm...

EUVD-2025-117504

Malicious code in bright-yellow-ermine npm...

Malicious code in massive-yellow-marten (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347c0a4bc6c6dc50164f4938053abfe0fb420772bc5eb18e843d0551531f3155 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spare-yellow-cow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fac9fe13b222cf34787fe46db80eee50175081d57e34c9adecc138f5c77cbfda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-74472

Malicious code in manualyakyellow-29 npm...

EUVD-2025-74103

Malicious code in visitingcephalopodyellow-50 npm...