CVE-2024-3903

Name of the Vulnerable Software and Affected Versions Add Custom CSS and JS WordPress plugin versions 1.20 and earlier

Description The issue concerns the lack of CSRF checks in certain areas and missing sanitization as well as escaping in the plugin. This could allow attackers to make logged-in users with author or higher privileges add Stored XSS payloads via a CSRF attack.

Recommendations For Add Custom CSS and JS WordPress plugin versions 1.20 and earlier, consider disabling the plugin until a patch is available to prevent potential CSRF and XSS attacks. Restrict access to areas where custom CSS and JS can be added to minimize the risk of exploitation. Avoid using the plugin for adding custom scripts or styles until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.