nextlevelbuilder ui-ux-pro-max-skill Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

Basic Information

ID CVE-2026-7595

Source VulDB

Published May 1, 2026 at 20:45

Affected Product

Vendor nextlevelbuilder

Product ui-ux-pro-max-skill

Version 2.0

Affected Versions nextlevelbuilder ui-ux-pro-max-skill 2.0
nextlevelbuilder ui-ux-pro-max-skill 2.1
nextlevelbuilder ui-ux-pro-max-skill 2.2
nextlevelbuilder ui-ux-pro-max-skill 2.3
nextlevelbuilder ui-ux-pro-max-skill 2.4
nextlevelbuilder ui-ux-pro-max-skill 2.5.0

CWE Classification

CWE-94 CWE-74

References

{
    "lastseen": "",
    "description": "A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.",
    "published": "2026-05-01T20:45:10.767Z",
    "modified": "2026-05-01T20:45:10.767Z",
    "type": "cve",
    "title": "nextlevelbuilder ui-ux-pro-max-skill Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360548\nhttps://vuldb.com/vuln/360548/cti\nhttps://vuldb.com/submit/805509\nhttps://github.com/nextlevelbuilder/ui-ux-pro-max-skill/issues/246\nhttps://github.com/nextlevelbuilder/ui-ux-pro-max-skill/pull/275\nhttps://github.com/nextlevelbuilder/ui-ux-pro-max-skill/",
    "id": "CVE-2026-7595",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "nextlevelbuilder ui-ux-pro-max-skill 2.0\nnextlevelbuilder ui-ux-pro-max-skill 2.1\nnextlevelbuilder ui-ux-pro-max-skill 2.2\nnextlevelbuilder ui-ux-pro-max-skill 2.3\nnextlevelbuilder ui-ux-pro-max-skill 2.4\nnextlevelbuilder ui-ux-pro-max-skill 2.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ui-ux-pro-max-skill",
    "version": "2.0",
    "vendor": "nextlevelbuilder",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

nextlevelbuilder ui-ux-pro-max-skill Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection_CVE-2026-7595