Chameleon Css Project

chameleon_css_project

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Chameleon Css

chameleon_css

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24626 1Chameleon Css Project 1Chameleon Css Jun 17, 2026 Nov 8, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of...Show more The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL InjectionShow less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-24626

1Chameleon Css Project

1Chameleon Css

Jun 17, 2026

Nov 8, 2021

N/A· v4

8.8 HIGH· v3

6.5 MEDIUM· v2

The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL InjectionShow less