
5 matches found

Nuclei
added 9 hours ago, 10 views

Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation

The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...

8.8 CVSS, 7.2 AI score, 0.0189 EPSS
Exploits: 1, References: 3
Check Point Advisories
added 2019/04/28 12:0 a.m., 2 views

WordPress Yellow Pencil Plugin Privilege Escalation

An Option Update vulnerability exists in WordPress Yellow Pencil Plugin. Successful exploitation of this vulnerability could lead to modification of any options of the affected site...

3.5 AI score
Exploits: 0
Tenable Nessus
added 2019/04/25 12:0 a.m., 12 views

Yellow Pencil Visual Theme Customizer Plugin for WordPress < 7.2.1 Privilege Escalation

The WordPress Yellow Pencil Visual Theme Customizer Plugin installed on the remote host is affected by a privilege escalation vulnerability due to 'ypremotegetfirst' function. An unauthenticated, remote attacker can leverage this issue to perform WordPress actions that were restricted to...

8.8 CVSS, 7.7 AI score, 0.0189 EPSS
Exploits: 1, References: 4
ThreatPost
added 2019/04/12 2:13 p.m., 428 views

WordPress Yellow Pencil Plugin Flaws Actively Exploited

The maker of a WordPress plugin, Yellow Pencil Visual Theme Customizer, is asking all users to immediately update after it was discovered to have software vulnerabilities that are being actively exploited. The attacker exploiting these flaws has been behind several other recent plugin attacks the...

7.5 CVSS, 0.5 AI score, 0.9927 EPSS
Exploits: 45, References: 9
Hacker One
added 2018/04/04 6:48 p.m., 25 views

Discourse: Stored XSS in "post last edited" option

There are two users: Attacker and Victim. 2. Attacker starts a private talk via private message with the Victim. 3. Attacker sends a message to Victim, then he edits it or deletes it. 4. Victim sees the yellow pencil, symbol of the edit. 5. Victim clicks on yellow pencil to see the edit and the...

1 AI score
Exploits: 0