
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin, versions <= 1.2.1. The Instant CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions in the class.instantcss_ajax.php file. This makes it possible for... • https://patchstack.com/database/vulnerability/instant-css/wordpress-instant-css-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jul 2023 — Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Instant CSS: from n/a through 1.1.4. The Instant CSS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions called via AJAX actions in the ~/classes/class.instantcss_ajax.php file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, ... • https://patchstack.com/database/wordpress/plugin/instant-css/vulnerability/wordpress-instant-css-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization