5 matches found
Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation
The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...
WordPress Yellow Pencil Plugin Privilege Escalation
An Option Update vulnerability exists in WordPress Yellow Pencil Plugin. Successful exploitation of this vulnerability could lead to modification of any options of the affected site...
Yellow Pencil Visual Theme Customizer Plugin for WordPress < 7.2.1 Privilege Escalation
The WordPress Yellow Pencil Visual Theme Customizer Plugin installed on the remote host is affected by a privilege escalation vulnerability due to 'ypremotegetfirst' function. An unauthenticated, remote attacker can leverage this issue to perform WordPress actions that were restricted to...
WordPress Yellow Pencil Plugin Flaws Actively Exploited
The maker of a WordPress plugin, Yellow Pencil Visual Theme Customizer, is asking all users to immediately update after it was discovered to have software vulnerabilities that are being actively exploited. The attacker exploiting these flaws has been behind several other recent plugin attacks the...
Discourse: Stored XSS in "post last edited" option
There are two users: Attacker and Victim. 2. Attacker starts a private talk via private message with the Victim. 3. Attacker sends a message to Victim, then he edits it or deletes it. 4. Victim sees the yellow pencil, symbol of the edit. 5. Victim clicks on yellow pencil to see the edit and the...