CVE-2026-7595
nextlevelbuilder ui-ux-pro-max-skill Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
| CWE | CWE-94 CWE-74 |
| Vendor | nextlevelbuilder |
| Product | ui-ux-pro-max-skill |
| Published | May 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for nextlevelbuilder ui-ux-pro-max-skill
Be the first to know when new medium vulnerabilities affecting nextlevelbuilder ui-ux-pro-max-skill are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
nextlevelbuilder / ui-ux-pro-max-skill
2.0 2.1 2.2 2.3 2.4 2.5.0
References
vuldb.com: https://vuldb.com/vuln/360548 vuldb.com: https://vuldb.com/vuln/360548/cti vuldb.com: https://vuldb.com/submit/805509 github.com: https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/issues/246 github.com: https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/pull/275 github.com: https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/
Credits
๐ Yu-Bao (VulDB User) VulDB CNA Team