Yellowpencil Visual CSS Style Editor vulnerabilities
2 known vulnerabilities affecting yellowpencil/visual_css_style_editor.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2019-11886 | P2 | HIGH | CVSS 8.8 | CWE-352 | Exploited | PoC | fixed in 7.2.1 | 2019-05-13
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access.
nvd
CVE-2021-24934 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | fixed in 7.5.4 | 2022-02-01
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.
nvd