
CVE-2025-47595 – WordPress Color Your Bar <= 2.0 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47595
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darshan Saroya Color Your Bar allows Stored XSS. This issue affects Color Your Bar: from n/a through 2.0. The Color Your Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web sc... • https://patchstack.com/database/wordpress/plugin/color-your-bar/vulnerability/wordpress-color-your-bar-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-23958 – WordPress Editor Wysiwyg Background Color plugin <= 1.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-23958
16 Apr 2025 — Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Editor Wysiwyg Background Color: from n/a through 1.0. The Editor Wysiwyg Background Color plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/editor-wysiwyg-background-color/vulnerability/wordpress-editor-wysiwyg-background-color-plugin-1-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2025-31464 – WordPress Text Selection Color <= 1.6 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-31464
28 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color allows Stored XSS. This issue affects Text Selection Color: from n/a through 1.6. The Text Selection Color plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject... • https://patchstack.com/database/wordpress/plugin/text-selection-color/vulnerability/wordpress-text-selection-color-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-30577 – WordPress Browser Address Bar Color plugin <= 3.3 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability
https://notcve.org/view.php?id=CVE-2025-30577
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in mendibass Browser Address Bar Color allows Stored XSS. This issue affects Browser Address Bar Color: from n/a through 3.3. The Browser Address Bar Color plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3. This is due to missing or incorrect nonce validation on the babcThemeColorSettingsPage() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scri... • https://patchstack.com/database/wordpress/plugin/browser-address-bar-color/vulnerability/wordpress-browser-address-bar-color-plugin-3-3-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-38427
https://notcve.org/view.php?id=CVE-2024-38427
16 Jun 2024 — In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false. • https://github.com/InternationalColorConsortium/DemoIccMAX/pull/66 • CWE-252: Unchecked Return Value •

CVE-2023-48736
https://notcve.org/view.php?id=CVE-2023-48736
18 Nov 2023 — In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read. • https://github.com/InternationalColorConsortium/DemoIccMAX/pull/58 • CWE-125: Out-of-bounds Read •

CVE-2023-47249
https://notcve.org/view.php?id=CVE-2023-47249
04 Nov 2023 — In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read. • https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54 • CWE-787: Out-of-bounds Write •

CVE-2023-46866
https://notcve.org/view.php?id=CVE-2023-46866
30 Oct 2023 — In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes. • https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54 • CWE-787: Out-of-bounds Write •

CVE-2023-46867
https://notcve.org/view.php?id=CVE-2023-46867
30 Oct 2023 — In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference. • https://github.com/InternationalColorConsortium/DemoIccMAX/issues/54 • CWE-476: NULL Pointer Dereference •

CVE-2023-46602
https://notcve.org/view.php?id=CVE-2023-46602
23 Oct 2023 — In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. • https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 • CWE-787: Out-of-bounds Write •