TinyMCE Advanced 4.1 – Setting Reset CSRF | ww.wp.xz.cn

Resolved tommarshall
(@tommarshall)

10 years, 10 months ago

Hello,

Has this minor CSRF vulnerability been resolved?

https://wpvulndb.com/vulnerabilities/7775
https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/

Plugin Security Scanner is reporting the latest version of TinyMCE Advanced (currently 4.1.9) as vulnerable, and I can’t see any reference to the bug in the changelog.

Thanks,
Tom

https://ww.wp.xz.cn/plugins/tinymce-advanced/

Viewing 2 replies - 1 through 2 (of 2 total)

Art Project Group
(@artprojectgroup)

10 years, 10 months ago

The same problem here.

Kind regards.

Plugin Author Andrew Ozz
(@azaozz)

10 years, 9 months ago

This is not exploitable vulnerability, rather a “hardening”. Fixed in 4.2.3.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘TinyMCE Advanced 4.1 – Setting Reset CSRF’ is closed to new replies.

2 replies
3 participants
Last reply from: Andrew Ozz
Last activity: 10 years, 9 months ago
Status: resolved