CVE-2014-3844

Published: May 22, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.

Affected (1)

Products: Tinymce: Color Picker

Tinymce

1 product

Color Picker

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tinymce Color Picker	Up to 1.1

Running on/with	Platform Versions
Wordpress Wordpress	All versions

Related CWEs

CWE-264

References (4)

http://secunia.com/advisories/58095

Source: cve@mitre.org

http://wordpress.org/plugins/tinymce-colorpicker/changelog

Source: cve@mitre.org

http://secunia.com/advisories/58095

Source: af854a3a-2127-422b-91ae-364da2661108

http://wordpress.org/plugins/tinymce-colorpicker/changelog

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.