WordPress Plugin Vulnerabilities

TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Color Saving CSRF

Description

The TinyMCE Color Picker WordPress plugin was affected by a tinymce-colorpicker.php Color Saving CSRF security vulnerability.

Affects Plugins

Plugin icon
tinymce-colorpicker
Fixed in 1.2

References

CVE
CVE-2014-3845

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Verified
No
WPVDB ID
74c31d8c-5236-4e18-842f-0ccaca4a58c1

Timeline

Publicly Published
2014-04-28 (about 12 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-03-27
Title
Float menu < 6.1.3 - Cross-Site Request Forgery to Settings Update
Published
2025-01-16
Title
MDC YouTube Downloader <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-02-24
Title
Woocommerce – Loi Hamon <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-12-19
Title
WP Hallo Welt <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-02-05
Title
Name Directory < 1.18 - Cross-Site Request Forgery (CSRF)