← Back

Visual Css Style Editor

visual_css_style_editor

Vendor: Yellowpencil • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24934
1Yellowpencil
1Visual Css Style Editor
Jun 17, 2026
Feb 1, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
CVE-2019-11886
1Yellowpencil
1Visual Css Style Editor
Jun 17, 2026
May 13, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access.