← Back

Presscustomizr

presscustomizr

6 CVEs • 4 products

Products (4)

Click to collapse
Toggle
Hueman
hueman
2 CVEs
Customizr
customizr
2 CVEs
Nimble Page Builder
nimble_page_builder
1 CVE
Hueman Addons
hueman_addons
1 CVE

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-35772
1Presscustomizr
1Hueman
Jun 17, 2026
Jun 21, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through 3.7.24.
CVE-2024-35771
1Presscustomizr
1Customizr
Jun 17, 2026
Jun 21, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21.
CVE-2020-36755
1Presscustomizr
1Customizr
Jun 17, 2026
Oct 20, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This...Show more
The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2020-36753
1Presscustomizr
1Hueman
Jun 17, 2026
Oct 20, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it poss...Show more
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-4784
1Presscustomizr
1Hueman Addons
Jun 17, 2026
Feb 21, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the con...Show more
The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2022-0314
1Presscustomizr
1Nimble Page Builder
Jun 17, 2026
Apr 11, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting