MidnightBSD

Advisories for waspthemes

CVE-2019-5984 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
waspthemes custom_css_pro *
CVE-2022-33961

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 4.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N 1.0 2.7

Products Affected

Vendor Product Version
waspthemes visual_css_style_editor *