ThreatPress

WordPress Vulnerabilities Database

WordPress CSS Hero plugin <= 4.03 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Product
CSS Hero
Description
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Cary Hooper in WordPress CSS Hero plugin (versions <= 4.03).
Solution
Update the WordPress CSS Hero plugin to the latest available version (at least 4.07).
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name: CVE-2019-19133
Versions
Affected In: <= 4.03
Fixed In: 4.07
Disclosure date
2019-12-04
Credits
Cary Hooper
Submitter
ThreatPress