Lucene search
HistoryMay 22, 2014 - 3:13 p.m.
CVE-2014-3845
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.001
Percentile
41.2%
Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
tinymcecolor_pickerRange≤1.1
wordpresswordpressMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tinymce | color_picker | * | cpe:2.3:a:tinymce:color_picker:*:*:*:*:*:*:*:* |
| wordpress | wordpress | - | cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:* |
Related
wpvulndb
wpvulndb
TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Color Saving CSRF
2014-04-28 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-05-22 15:13:00
patchstack
patchstack
WordPress TinyMCE Color Picker Plugin <= 1.1 - CSRF
2014-05-22 00:00:00
cvelist
cvelist
CVE-2014-3845
2014-05-22 15:00:00
cve
cve
CVE-2014-3845
2014-05-22 15:13:05
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.001
Percentile
41.2%
Related for NVD:CVE-2014-3845