VYPR

Style Kits

by WordPress

CVEs (2)

  • CVE-2021-4401HigJul 1, 2023
    risk 0.50cvss 8.8epss 0.01

    The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update…

  • CVE-2026-6565MedMay 27, 2026
    risk 0.35cvss 6.4epss 0.00

    The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to…