RSS   Vulnerabilities for
'Custom tinymce shortcode button'
   RSS

2022-05-16
 
CVE-2022-1217

CWE-79
 

 
The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

 


Copyright 2024, cxsecurity.com

 

Back to Top