Description
The WordPress plugin Crayon Syntax Highlighter is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently overwrite base themes with arbitrary CSS, which may lead to defacement of the website. Version 2.6.10 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 2.7.0 or the latest version.