VYPR

Custom CSS\, Js \& PHP

by Wpfactory

CVEs (2)

  • CVE-2025-39601CriApr 16, 2025
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through <= 2.4.1.

  • CVE-2021-4418MedOct 20, 2023
    risk 0.28cvss 4.3epss 0.00

    The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code…