Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3845

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-3845
Last Modified 27 Jun 2014 12:51:18
Published 22 May 2014 11:13:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-3845

Summary

Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Tinymce Color Picker 1.1


References

MISC - http://wordpress.org/plugins/tinymce-colorpicker/changelog

SECUNIA - 58095


Last Updated: 27 May 2016 11:05:24