CVE-2024-25904 – WordPress TinyMCE Professional Formats and Styles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2024-25904

Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles. Este problema afecta a TinyMCE and TinyMCE Advanced Professsional Formats and Styles: desde n/a hasta 1.1.2. The TinyMCE Professional Formats and Styles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'bb_taps_backend_page ' function. • https://patchstack.com/database/vulnerability/tinymce-and-tinymce-advanced-professsional-formats-and-styles/wordpress-tinymce-and-tinymce-advanced-professsional-formats-and-styles-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •