CSRF Vulnerability in TinyMCE Color Picker Plugin for WordPress
CVE-2014-3845
Currently unrated
Summary
The TinyMCE Color Picker plugin for WordPress is vulnerable to cross-site request forgery (CSRF). A remote attacker can hijack the authentication of users to send unauthorized requests that modify the plugin's settings without the user's consent. The flaw stems from inadequate server-side validation of requests initiated by users. Users are encouraged to update to version 1.2 or later to mitigate this vulnerability.
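What server-side request validation looks like for a WordPress settings handler, as an added example that is not the plugin's own code. Every `example_cp_*` name, the option layout and the settings page slug are hypothetical; only the WordPress core functions are real.

```php
<?php
// Added example: hypothetical settings handler; every example_cp_* name is constructed.

// Render the form with a nonce tied to the current user, session and action.
function example_cp_render_form() {
    $colors = (array) get_option( 'example_cp_colors', array() );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_cp_save">
        <?php wp_nonce_field( 'example_cp_save', 'example_cp_nonce' ); ?>
        <input type="text" name="colors" value="<?php echo esc_attr( implode( ',', $colors ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST. Without checks 1 and 2, a request forged by another site
// would be accepted as long as the administrator's browser is logged in.
function example_cp_save() {
    // 1. Authorization: only users who may manage options can change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: the request must carry the nonce issued with the form.
    //    check_admin_referer() stops the request if it is missing or invalid.
    check_admin_referer( 'example_cp_save', 'example_cp_nonce' );

    // 3. Input validation: accept a string only, keep well-formed hex colors.
    $raw_in = isset( $_POST['colors'] ) ? $_POST['colors'] : '';
    $raw    = is_string( $raw_in ) ? wp_unslash( $raw_in ) : '';
    $colors = array();
    foreach ( explode( ',', $raw ) as $c ) {
        $hex = sanitize_hex_color( trim( $c ) );
        if ( $hex ) {
            $colors[] = $hex;
        }
    }
    update_option( 'example_cp_colors', $colors );

    // Hypothetical settings page slug.
    wp_safe_redirect( admin_url( 'options-general.php?page=example-cp&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_cp_save', 'example_cp_save' );
```

When auditing a plugin for this class of flaw, look for handlers that call `update_option()` on request data without a preceding nonce check and capability check.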
References
Timeline
Vulnerability Reserved
Vulnerability published