2 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-3845 – TinyMCE Color Picker < 1.2 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2014-3845

01 May 2014 — Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de CSRF en el plugin TinyMCE Color Picker anterior a 1.2 para WordPress permite a atacantes remotos secuestrar la autenticación de usuarios no especificados para solicitudes que camb... • http://secunia.com/advisories/58095 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-3844 – TinyMCE Color Picker <= 1.1 - Missing Authorization

https://notcve.org/view.php?id=CVE-2014-3844

28 Apr 2014 — The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. El plugin TinyMCE Color Picker anterior a 1.2 para WordPress no comprueba debidamente permisos, lo que permite a atacantes remotos modificar configuraciones de plugin a través de vectores no especificados. NOTA: algunos de estos detalles se obtienen de información d... • http://secunia.com/advisories/58095 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •