WordPress Plugin Vulnerabilities

safe-editor <= 1.1 - Unauthenticated CSS/JS-injection

Description

When saving JS/CSS in this plugin then both private and public ajax-hooks are being used. Because of this anyone can post JS/CSS that are saved to the db and printed to the head and footer portion of the page.

Proof of Concept

Affects Plugins

Plugin icon
safe-editor
Fixed in 1.2

References

CVE
CVE-2016-10976
URL
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1416364%40safe-editor%2Ftrunk&old=1067776%40safe-editor%2Ftrunk

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
6.1 (medium)

Miscellaneous

Submitter
Robert Sæther
Submitter twitter
robsat91
Verified
No
WPVDB ID
070648aa-9928-425d-a189-9ae3481f3875

Timeline

Publicly Published
2016-05-06 (about 10 years ago)
Added
2016-05-17 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-08-09
Title
WooCommerce - Social Login < 2.7.6 - Authentication Bypass to Account Takeover
Published
2019-10-14
Title
Popup-Maker < 1.8.13 - Multiple Vulnerabilities
Published
2026-02-26
Title
Japanized for WooCommerce < 2.8.5 - Missing Authorization to Unauthenticated Paidy Order Manipulation
Published
2025-01-13
Title
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.13.8 - Authentication Bypass via pms_payment_id
Published
2023-05-17
Title
MStore API < 3.9.1 - Authentication Bypass