cleantalk
Vulnerabilities and Security Researches

Live CSS Preview, CVE-2025-12354

CVE, Research URL

CVE-2025-12354

Home page URL

Security reports for Live CSS Preview

Application

Live CSS Preview

Published on
Dec 05, 2025
Research Description
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_frontend_save' AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's css setting.
Affected versions
max 2.0.0.
Status
vulnerable
Previous vulnerability researches
Live CSS Preview (CVE-2025-12354) , Dec 10, 2025
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026