Vulnerabilities and security researches forwp-admin-ui-customize wp-admin-ui-customize

Nov 28, 2024

CVE, Research URL: CVE-2024-53278
Home page URL: Security reports for WP Admin UI Customize
Application: WP Admin UI Customize
Date: Nov 26, 2024
Research Description: Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-3824
Home page URL: Security reports for WP Admin UI Customize
Application: WP Admin UI Customize
Date: Nov 28, 2022
Research Description: The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable