Unauthenticated Remote Modification of TinyMCE Color Picker Plugin Settings

Unauthenticated Remote Modification of TinyMCE Color Picker Plugin Settings

CVE-2014-3844 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.

Learn more about our Wordpress Pen Testing.