cleantalk
Vulnerabilities and Security Researches

Add Custom CSS and JS, CVE-2024-3903

CVE, Research URL

CVE-2024-3903

Home page URL

Security reports for Add Custom CSS and JS

Application

Add Custom CSS and JS

Published on
May 14, 2024
Research Description
The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack
Affected versions
Min -, max 1.20.
Status
vulnerable
Previous vulnerability researches
Add Custom CSS and JS (CVE-2024-3903) , Jun 07, 2024
New vulnerability
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025