Visual CSS Style Editor Security & Risk Analysis

wordpress.org/plugins/yellow-pencil-visual-theme-customizer

Style your WordPress site visually. Discover the most popular front-end design plugin! Try live demo.

40K active installs v7.6.7 PHP + WP 4.0+ Updated Dec 6, 2025
css · css-editor · customize · design · visual-css
94
A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Sep 30, 2024
Safety Verdict

Is Visual CSS Style Editor Safe to Use in 2026?

Generally Safe

Score 94/100

Visual CSS Style Editor has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEs · Last CVE: Sep 30, 2024 · Updated 5mo ago
Risk Assessment

The Yellow Pencil Visual Theme Customizer plugin (v7.6.7) presents a mixed security profile. It demonstrates good practices: a significant number of nonce and capability checks, and a complete absence of unprotected REST API routes and shortcodes. The static analysis nonetheless reveals some concerning areas. Only 34% of output is properly escaped, which poses a Cross-Site Scripting (XSS) risk, and the taint analysis detected one unsanitized path flow, which could lead to path traversal vulnerabilities. The plugin's vulnerability history is a significant concern, with 5 known CVEs: one critical and four medium severity issues. The prevalence of XSS and missing authorization vulnerabilities in that history, combined with the unescaped output and unsanitized path flow found in the current analysis, suggests a recurring pattern of input sanitization and authorization weaknesses. The lack of unprotected entry points and the use of prepared statements for most SQL queries are strengths, but the historical vulnerability data and the identified code signals warrant caution.

Key Concerns

  • Output escaping is not properly handled for 66% of outputs
  • Taint analysis found one flow with unsanitized paths
  • Plugin has a history of 1 critical CVE
  • Plugin has a history of 4 medium CVEs
  • Common vulnerability type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Common vulnerability type: Missing Authorization
Vulnerabilities
5 published

Visual CSS Style Editor Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2022: 1 CVE
2023: 1 CVE
2024: 2 CVEs

Severity Breakdown

Critical: 1
Medium: 4

5 total CVEs

CVE-2024-47348 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

YellowPencil Visual CSS Style Editor <= 7.6.4 - Reflected Cross-Site Scripting

Sep 30, 2024 · Patched in 7.6.5 (11d)

CVE-2024-43963 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

YellowPencil Visual CSS Style Editor <= 7.6.1 - Reflected Cross-Site Scripting

Aug 26, 2024 · Patched in 7.6.4 (10d)

CVE-2022-33961 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

YellowPencil Visual CSS Style Editor <= 7.5.8 - Reflected Cross-Site Scripting liveLink

Apr 18, 2023 · Patched in 7.5.9 (280d)

CVE-2021-24934 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Visual CSS Style Editor <= 7.5.3 - Reflected Cross-Site Scripting via wyp_page_type parameter

Jan 3, 2022 · Patched in 7.5.4 (750d)

CVE-2019-11886 · critical · 9.8 · Missing Authorization

Visual CSS Style Editor <= 7.2.0 - Unauthenticated Arbitrary Options Update

Apr 11, 2019 · Patched in 7.2.1 (1748d)

Version History

Visual CSS Style Editor Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Visual CSS Style Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (7 prepared)
Unescaped Output: 73 (38 escaped)
Nonce Checks: 20
Capability Checks: 25
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

70% prepared · 10 total queries

Output Escaping

34% escaped · 111 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

13 flows · 1 with unsanitized paths
<editor> (editor\editor.php:0)
Attack Surface

Visual CSS Style Editor Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 9

auth · wp_ajax_wyp_add_animation · yellow-pencil.php:192
auth · wp_ajax_wyp_unsplash_api · yellow-pencil.php:253
auth · wp_ajax_wyp_live_save_option · yellow-pencil.php:280
auth · wp_ajax_wyp_save_comments_option · yellow-pencil.php:371
auth · wp_ajax_wyp_check_license · yellow-pencil.php:391
auth · wp_ajax_wyp_delete_stylesheet_live · yellow-pencil.php:499
auth · wp_ajax_wyp_preview_data_save · yellow-pencil.php:2060
auth · wp_ajax_wyp_ajax_save · yellow-pencil.php:2235
auth · wp_ajax_wyp_ajax_update_css · yellow-pencil.php:2257

WordPress Hooks 43

action · admin_notices · admin\settings.php:35
action · admin_init · admin\settings.php:69
action · admin_menu · admin\settings.php:216
filter · admin_footer_text · admin\settings.php:312
action · admin_init · admin\settings.php:380
action · admin_init · admin\settings.php:442
action · init · yellow-pencil.php:168
action · init · yellow-pencil.php:584
action · init · yellow-pencil.php:683
action · admin_footer · yellow-pencil.php:856
action · admin_enqueue_scripts · yellow-pencil.php:1002
action · admin_menu · yellow-pencil.php:1022
action · admin_init · yellow-pencil.php:1082
action · update_option_page_on_front · yellow-pencil.php:1109
action · update_option_page_for_posts · yellow-pencil.php:1110
action · update_option_show_on_front · yellow-pencil.php:1111
action · login_head · yellow-pencil.php:1202
action · wp_head · yellow-pencil.php:1381
action · wp_head · yellow-pencil.php:1434
action · wp_head · yellow-pencil.php:1517
action · login_head · yellow-pencil.php:1518
action · init · yellow-pencil.php:1519
action · wp_head · yellow-pencil.php:1889
action · init · yellow-pencil.php:1890
filter · body_class · yellow-pencil.php:2702
action · admin_menu · yellow-pencil.php:2733
action · load-admin_page_yellow-pencil-customize-type · yellow-pencil.php:2744
filter · body_class · yellow-pencil.php:2779
action · admin_bar_menu · yellow-pencil.php:2790
action · wp_head · yellow-pencil.php:2793
action · wp_enqueue_scripts · yellow-pencil.php:2801
action · login_enqueue_scripts · yellow-pencil.php:2802
action · wp_enqueue_scripts · yellow-pencil.php:2806
action · login_enqueue_scripts · yellow-pencil.php:2811
action · init · yellow-pencil.php:2816
action · admin_head · yellow-pencil.php:2848
action · wp_enqueue_scripts · yellow-pencil.php:2941
action · wp_enqueue_scripts · yellow-pencil.php:2990
action · admin_menu · yellow-pencil.php:3003
action · load-admin_page_yellow-pencil-editor · yellow-pencil.php:3014
filter · plugin_row_meta · yellow-pencil.php:3091
action · init · yellow-pencil.php:3275
action · admin_init · yellow-pencil.php:3737
Maintenance & Trust

Visual CSS Style Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 6, 2025
PHP min version
Downloads: 1.5M

Community Trust

Rating: 82/100
Number of ratings: 90
Active installs: 40K
Developer Profile

Visual CSS Style Editor Developer Profile

YellowPencil

3 plugins · 48K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 746 days
Detection Fingerprints

How We Detect Visual CSS Style Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/main.css
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/bootstrap.min.css
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/font-awesome.min.css
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/animate.min.css
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/responsive.css
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/bootstrap-select.css
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/bootstrap-slider.css
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/style.css
+7 more
Script Paths
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/js/main.js
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/js/tinymce/tinymce.min.js
Version Parameters
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/main.css?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/bootstrap.min.css?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/font-awesome.min.css?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/animate.min.css?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/responsive.css?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/bootstrap-select.css?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/bootstrap-slider.css?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/css/style.css?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/js/bootstrap.min.js?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/js/jquery-ui.min.js?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/js/bootstrap-select.js?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/js/bootstrap-slider.js?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/js/main.js?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/js/tinymce/tinymce.min.js?ver=
/wp-content/plugins/yellow-pencil-visual-theme-customizer/editor/js/jquery.js?ver=

HTML / DOM Fingerprints

CSS Classes
wyp-disable-canceled-pnled-pnl-topwf-close-btn-linkwyp-close-btnwyp-buttonwyp-save-btnwyp-disabled+14 more
HTML Comments
<!-- Basic -->
<!-- Check if lite version or not. -->
<!-- Generate Base Editor URL. -->
<!-- Define -->
+5 more
Data Attributes
data-toggle
data-placement
title
data-href
data-animation-name
data-animation-css
+1 more
JS Globals
YellowPencilEditor
yp_animation
wyp_check_demo_mode
REST Endpoints
/wp-json/yellow-pencil/v1/settings
/wp-json/yellow-pencil/v1/save-settings
FAQ

Frequently Asked Questions about Visual CSS Style Editor