CVE-2016-10877 – WP Editor <= 1.2.6.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10877
The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues. El plugin wp-editor anterior a la versión 1.2.6.3 para WordPress tiene múltiples problemas de XSS. • https://wordpress.org/plugins/wp-editor/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-10885 – WP Editor < 1.2.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-10885
The wp-editor plugin before 1.2.6 for WordPress has CSRF. El plugin wp-editor versiones anteriores a 1.2.6 para WordPress, presenta una vulnerabilidad de tipo CSRF. The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.2.6. This is due to missing or incorrect nonce validation on the save_settings() function, in addition to a few other functions. This makes it possible for unauthenticated attackers to modify the plugin's settings and upload files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wordpress.org/plugins/wp-editor/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •