WordPress Plugin Vulnerabilities

TinyMCE Advanced < 4.2.3 - Setting Reset Cross-Site Request Forgery (CSRF)

Description

The Advanced Editor Tools (previously TinyMCE Advanced) WordPress plugin was affected by a Setting Reset Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
tinymce-advanced
Fixed in 4.2.3

References

URL
https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
99bc6cc8-75ac-4290-96fe-ac8be24528bf

Timeline

Publicly Published
2014-09-08 (about 11 years ago)
Added
2015-02-01 (about 11 years ago)
Last Updated
2019-10-27 (about 6 years ago)

Other

Published
Title
Published
2022-09-08
Title
wpForo Forum < 2.0.6 - Cross-Site Request Forgery
Published
2018-02-14
Title
Church Admin < 1.2550 - CSRF
Published
2025-04-09
Title
Foliopress WYSIWYG <= 2.6.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-11-28
Title
Razorpay for WooCommerce < 4.5.7 - Transfers Manipulation via CSRF
Published
2025-09-05
Title
Hide Real Download Path <= 1.6 - Cross-Site Request Forgery