Description
Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information.
References (2)
Core 2
Core References
Product x_refsource_misc
http://wordpress.org/plugins/tinymce-colorpicker/changelog
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58095
Scores
EPSS
0.0095
EPSS Percentile
57.1%
Details
CWE
CWE-352
Status
published
Products (1)
tinymce/color_picker
< 1.1
Published
May 22, 2014
Tracked Since
Feb 18, 2026