Vulnerabilities and security researches forcss-javascript-toolbox css-javascript-toolbox
Direction: ascendingJun 06, 2024
CSS & JavaScript Toolbox # CVE-2023-50823
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 21, 2023
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.
- Affected versions
-
max 11.9.
- Status
-
vulnerable
CSS & JavaScript Toolbox # b90d810c-ed6c-41ad-b428-6c9b6947307f
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- CSS & JavaScript Toolbox [css-javascript-toolbox] < 8.4.2 wpscan.com
- Affected versions
-
max 8.4.2.
- Status
-
vulnerable
Jul 25, 2025
CSS & JavaScript Toolbox # CVE-2025-3703
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 14, 2025
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local File Inclusion. This issue affects CSS & JavaScript Toolbox: from n/a through n/a.
- Affected versions
-
max 12.0.3.
- Status
-
vulnerable
Nov 11, 2025
CSS & JavaScript Toolbox # CVE-2025-11928
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 01, 2025
- Research Description
- The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- Affected versions
-
max 12.0.6.
- Status
-
vulnerable