CSS Hero < 4.07 – Authenticated Reflected XSS | CVE 2019-19133

Affects Plugins

css-hero

Fixed in 4.07

References

CVE

CVE-2019-19133

URL

https://seclists.org/fulldisclosure/2019/Dec/6

URL

https://www.csshero.org/css-hero-4-07-is-here/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Cary Hooper

Verified

No

WPVDB ID

d947fb16-33f3-41bb-98e8-26010023c27f

Timeline

Publicly Published

2019-12-02 (about 6 years ago)

Added

2019-12-04 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-01-21

Title

XML for Google Merchant Center < 3.0.12 - Reflected Cross-Site Scripting

Published

2023-05-10

Title

Seo By 10Web < 1.2.7 - Admin+ Stored XSS

Published

2023-04-29

Title

I Recommend This < 3.9.0 - Admin+ Stored XSS

Published

2025-04-01

Title

Team Members for Elementor Page Builder <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-10-25

Title

Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting