WordPress Plugin Vulnerabilities

Custom CSS Pro <= 1.0.3 - CSRF & XSS

Description

The Custom CSS Pro WordPress plugin was affected by a CSRF & XSS security vulnerability.

Affects Plugins

Plugin icon
custom-css-pro
Fixed in 1.0.4

References

CVE
CVE-2019-5984
URL
https://jvn.jp/en/jp/JVN29933378/index.html
URL
https://plugins.trac.wordpress.org/changeset/2095889/custom-css-pro

Miscellaneous

Original Researcher
Dai Nakamura of Cryptography Laboratory
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
650de847-023e-4879-a219-02f9dfdd53fe

Timeline

Publicly Published
2019-06-24 (about 6 years ago)
Added
2019-07-09 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2019-07-03
Title
Visitors Traffic Real Time Statistics < 1.13 - CSRF to Stored XSS/SQLi
Published
2019-07-11
Title
One Click SSL <= 1.4.6 - Multiple Issues
Published
2019-06-10
Title
Online Lesson Booking <= 0.8.6 - CSRF & XSS
Published
2014-12-31
Title
twitterDash 2.1 - CSRF & XSS
Published
2016-12-14
Title
Podlove Podcast Publisher <= 2.3.15 - Multiple SQLi & XSS