915 matches found
Kv TinyMCE Editor Add Fonts <= 1.1 - Font List Update via CSRF
Description: The plugin does not have a CSRF check when updating its font list, which could allow attackers to make logged-in admins perform such an action via a CSRF attack...
CVE-2023-44470
Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions...
CVE-2023-44470 WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions...
CVE-2023-44470
CVE-2023-44470 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Kv TinyMCE Editor Add Fonts plugin for WordPress, affecting versions
WordPress Plugin kv-tinymce-editor-fonts Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin...
PT-2023-29250 · Unknown · Kvvaradha Kv Tinymce Editor Add Fonts
Name of the Vulnerable Software and Affected Versions: Kvvaradha Kv TinyMCE Editor Add Fonts plugin versions <= 1.1. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions...
WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Kv TinyMCE Editor Add Fonts; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44470; Patch priority: Low; CVSS severity: Low (5.4); PSID: 229f3e0b60ce; Credits: Skalucy...
Exploit for External Control of File Name or Path in Moodle
CVE-2023-30943 Vulnerability Scanner This tool detects a vuln...
The vulnerability of the TinyMCE plugin in the virtual training environment Moodle, which allows a hacker to gain access to read, modify, or delete data.
The vulnerability of the TinyMCE plugin in the virtual training environment Moodle is related to incorrect external management of file names or file paths during data loading. Exploiting this vulnerability can allow an attacker to gain access to, read, modify, or delete data by sending specially...
GHSA-JXCX-3H54-QQXX SilverStripe CMS Cross-site Scripting vulnerabilities inherited from TinyMCE
TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin. Only Silverstripe CMS 4 is affected by these vulnerabilities. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release...
SilverStripe CMS Cross-site Scripting vulnerabilities inherited from TinyMCE
TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin. Only Silverstripe CMS 4 is affected by these vulnerabilities. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release...
PT-2023-33041 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS version 4 TinyMCE versions 4.x Description: The issue concerns several XSS vectors in TinyMCE 4.x that have been patched in later versions. These vulnerabilities affect silverstripe/admin and, by extension, Silverstripe CMS 4...
Cross-site Scripting (XSS)
silverstripe/admin is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the TinyMCE dependency, which does not properly validate user inputs, allowing an attacker to inject and execute malicious JavaScript in the browser...
GHSA-4Q66-G4MM-8RG5 Silverstripe has Cross-site Scripting (XSS) vulnerabilities inherited from TinyMCE
TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin. Only Silverstripe CMS 4 is affected by this issue. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE...
Silverstripe has Cross-site Scripting (XSS) vulnerabilities inherited from TinyMCE
TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin. Only Silverstripe CMS 4 is affected by this issue. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE...
PT-2023-32976 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS version 4 TinyMCE versions 4.x Description: The issue concerns several XSS vectors in TinyMCE 4.x that have been patched in later versions. Two of these vectors affect the silverstripe/admin module. The security patches from...
SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited from TinyMCE
More info at https://www.silverstripe.org/download/security-releases/SS-2023-002...