ThreatPress

WordPress Vulnerabilities Database

Back

WordPress YellowPencil Visual CSS Style Editor plugin <= 7.2.0 - Unauthenticated arbitrary Options update vulnerability

Product
YellowPencil Visual CSS Style Editor
Description
Unauthenticated arbitrary Options update vulnerability found in WordPress YellowPencil Visual CSS Style Editor plugin (versions <= 7.2.0).
Solution
12 April 2019 - this plugin was closed and is no longer available for download.
Classification
Type BYPASS
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 7.2.0
Disclosure date
2019-04-12
Submitter
ThreatPress