2 results (0.013 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de CSRF en el plugin TinyMCE Color Picker anterior a 1.2 para WordPress permite a atacantes remotos secuestrar la autenticación de usuarios no especificados para solicitudes que cambian configuraciones de plugins a través de vectores desconocidos. NOTA: algunos de estos detalles se obtienen de información de terceras partes. Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. • http://secunia.com/advisories/58095 http://wordpress.org/plugins/tinymce-colorpicker/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. El plugin TinyMCE Color Picker anterior a 1.2 para WordPress no comprueba debidamente permisos, lo que permite a atacantes remotos modificar configuraciones de plugin a través de vectores no especificados. NOTA: algunos de estos detalles se obtienen de información de terceras partes. The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. • http://secunia.com/advisories/58095 http://wordpress.org/plugins/tinymce-colorpicker/changelog • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •