How severe is CVE-2024-3903?

CVE-2024-3903 has a CVSS v3 score of 7.1 (HIGH).

CVE-2024-3903

Name: add_custom_css_and_js
Author: technologicx

7.1HIGH

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as autho

Published: 5/14/2024Updated: 5/14/2025

Description

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack

AI AnalysisPowered by AI

Affected Products

technologicxadd_custom_css_and_js

References

https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory