CSRF Vulnerability in TinyMCE Color Picker Plugin for WordPress
CVE-2014-3845

Currently unrated

Key Information:

Vendor: Wordpress
Status: Color Picker
Vendor: CVE Published:; 22 May 2014

What is CVE-2014-3845?

The TinyMCE Color Picker plugin for WordPress is susceptible to a Cross-site Request Forgery (CSRF) vulnerability. This flaw allows remote attackers to exploit the plugin by hijacking the authentication of users, enabling them to send unauthorized requests that modify the plugin's settings without proper user consent. The risk arises from inadequate server-side validation of requests initiated by the users, creating potential security breaches if exploited. Users are encouraged to update to version 1.2 or later to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://wordpress.org/plugins/tinymce-colorpicker/changelog

x_refsource_MISC

http://secunia.com/advisories/58095

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 22, 2014

JSON

Wordpress

What is CVE-2014-3845?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.