cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for ultimate-tinymce

Jun 07, 2024

Ultimate TinyMCE # CVE-2012-3414

CVE, Research URL

CVE-2012-3414

Application

Ultimate TinyMCE

Date
Jul 19, 2013
Research Description
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
Affected versions
Min -, max -.
Status
vulnerable

Ultimate TinyMCE # 00a2040ed21911627cb167da0c0200472755c1ae

Application

Ultimate TinyMCE

Date
May 15, 2015
Research Description
Ultimate TinyMCE [ultimate-tinymce] < 3.6 (closed). WordPress TinyMCE Plugin <= 3.5 - Cross Site Scripting. Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Update the plugin.
Affected versions
Min -, max -.
Status
vulnerable
Oct 31, 2024

Ultimate TinyMCE # CVE-2024-8627

CVE, Research URL

CVE-2024-8627

Application

Ultimate TinyMCE

Date
Oct 30, 2024
Research Description
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable