CVE-2014-3845

TinyMCE Color Picker < 1.1 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information.

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58095

Scores

EPSS 0.0095
EPSS Percentile 57.1%

Details

CWE
CWE-352
Status published
Products (1)
tinymce/color_picker < 1.1
Published May 22, 2014
Tracked Since Feb 18, 2026