Live CSS Preview WordPress Plugin Missing Authorization Vulnerability in Versions Through 2.0.0
Vulnerability
A vulnerability exists in the Live CSS Preview plugin for WordPress, all versions through 2.0.0, allowing unauthorized data modification. This issue arises from a missing capability check on the 'wp_ajax_frontend_save' AJAX endpoint. As a result, authenticated attackers with Subscriber-level access and above can manipulate the plugin's CSS settings.
Impact
Exploitation of this vulnerability allows authenticated users with Subscriber-level access and above to modify the plugin's CSS settings without authorization.
Remediation
No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
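Where the plugin cannot be removed right away, the missing capability check can be enforced from outside the plugin with a must-use plugin that runs ahead of the vulnerable handler. The following is an added example, not code from Live CSS Preview or from this advisory. Assumptions: the file name, the function name, the choice of `manage_options` as the required capability, and that the plugin registers its handler at a priority later than 0 (WordPress defaults to 10).

```php
<?php
/**
 * Plugin Name: Guard for the frontend_save AJAX action (added example)
 * Description: Enforces a capability check in front of wp_ajax_frontend_save.
 *
 * Hypothetical location: wp-content/mu-plugins/guard-frontend-save.php
 * Must-use plugins load before regular plugins, so this callback is
 * registered before the affected plugin registers its own handler.
 */

defined( 'ABSPATH' ) || exit;

/**
 * Stop the request unless the caller is allowed to manage site options.
 * The function name and the capability are assumptions for this example.
 */
function guard_frontend_save_capability() {
    if ( current_user_can( 'manage_options' ) ) {
        return; // Authorized: fall through to the plugin's own handler.
    }

    // Record the rejected attempt so it can be reviewed later.
    $remote = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';
    error_log( sprintf(
        'Blocked frontend_save AJAX call: user_id=%d remote=%s',
        get_current_user_id(),
        $remote
    ) );

    // Sends a JSON error with HTTP 403 and terminates the request,
    // so the plugin's handler at a later priority never runs.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// Priority 0 runs before handlers registered at the default priority of 10.
add_action( 'wp_ajax_frontend_save', 'guard_frontend_save_capability', 0 );
```

This guard adds only the capability check; it cannot add nonce verification, because the nonce action the plugin uses (if any) is not stated in the advisory.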
