Description

WordPress Plugin Ultimate TinyMCE is prone to multiple unspecified vulnerabilities. No available information exists regarding these issues and their impact on a vulnerable website. WordPress Plugin Ultimate TinyMCE version 5.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 5.1 or latest

References

https://wordpress.org/plugins/ultimate-tinymce/changelog/

Related Vulnerabilities

WordPress Plugin Securimage-WP-Fixed Cross-Site Scripting (3.5.4)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress 'Label' Field Cross-Site Scripting (2.0.19)

WordPress Plugin Youzify-BuddyPress Community, User Profile, Social Network & Membership for WordPress SQL Injection (1.2.5)

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-10234)

ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-8143)

Severity

High

Tags

Missing Update