WPVDB-ID:3D89AB3E-848E-447B-91C0-D7D5D2E5B788 (wpvulndb)
Oct 12, 2023 - 12:00 a.m.

Instant CSS < 1.1.5 - Subscriber+ Unauthorised AJAX Calls

2023-10-12 00:00:00
wpscan.com
Tags: plugin, unauthorised, ajax, authenticated users, css data, stored xss

AI Score: 5.3 Medium (Confidence: High)

EPSS: 0 Low (Percentile: 0.0%)

Description

The plugin does not perform authorisation checks in various AJAX actions, allowing any authenticated user, such as a subscriber, to call them and, for example, modify or access theme and CSS data. This could also lead to Stored XSS issues.

CPE Name Operator Version
instant-css eq 1.1.5

