CSS & JavaScript Toolbox
Moderate fix1 remedy
cpe:2.3:a:wipeoutmedia:css_&_javascript_toolbox:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 12.0.5
CSS and JavaScript Toolbox Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the CSS & JavaScript Toolbox plugin for WordPress, affecting all versions through 12.0.5. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with administrator-level permissions to inject arbitrary scripts. These scripts are executed when users access the affected pages. This vulnerability is present in multi-site installations where unfiltered_html has been disabled.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.
Reproduction
To reproduce this vulnerability, an authenticated user with administrator-level permissions can inject scripts through the admin settings of the CSS & JavaScript Toolbox plugin. The injected scripts will be executed when the corresponding page is accessed.
Remediation
Users are advised to update the CSS & JavaScript Toolbox plugin to version 12.0.6 or later.
Added: Nov 1, 2025, 4:19 AM
Updated: Nov 1, 2025, 4:19 AM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
1.7exploitability
6.0remediation
7.7relevance
0.9threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.