WordPress Plugin Vulnerabilities

TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

Affects Plugins

Plugin icon
tinymce-custom-styles
Fixed in 1.1.4

References

CVE
CVE-2023-2967

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Yassir Sbai Fahim
Submitter
Yassir Sbai Fahim
Submitter website
https://iduzzel.com/
Submitter twitter
@iduzzel
Verified
Yes
WPVDB ID
9afec4aa-1210-4c40-b566-64e37acf2b64

Timeline

Publicly Published
2023-06-19 (about 2 years ago)
Added
2023-06-19 (about 2 years ago)
Last Updated
2023-06-19 (about 2 years ago)

Other

Published
Title
Published
2024-04-15
Title
Easy Textillate <= 2.02 - Authenticated(Contributor+) Stored Cross-Site Scripting
Published
2024-03-26
Title
Preview E-mails for WooCommerce < 2.2.2 - Reflected Cross-Site Scripting
Published
2024-03-01
Title
Gutenberg Blocks by Kadence Blocks < 3.2.24 - Contributor+ Stored XSS
Published
2016-07-29
Title
Clicky by Yoast <= 1.5 - Minor Security Improvements
Published
2025-01-24
Title
NOTICE BOARD BY TOWKIR <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting