ThreatPress

WordPress Vulnerabilities Database

WordPress Safe Editor Plugin <= 1.1 - Multiple Vulnerabilities

Product
Safe Editor
Description
This plugin is prone to unauthenticated CSS and JS injection. Attackers can inject arbitrary content that is output whenever "wp_footer" and "wp_head" are called, because the input to the "se_save" function is not sanitized.
Solution
Update the plugin.
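For plugin authors reviewing similar code, a hardened shape for a save handler that stores CSS and JS for output on "wp_head" and "wp_footer". This is an added example, not the plugin's source or its 1.2 fix: the action name `example_save`, the nonce name, the POST fields and the option keys are hypothetical, and it assumes the handler is reached through WordPress's admin-ajax mechanism.

```php
<?php
// Added example: hypothetical plugin code, not Safe Editor's own source.
// Action name, nonce name, POST fields and option keys are assumptions.

// Register only the authenticated hook; with no wp_ajax_nopriv_ counterpart,
// logged-out requests never reach the handler.
add_action( 'wp_ajax_example_save', 'example_save' );

function example_save() {
    // Reject forged requests: the nonce is issued with the settings form.
    check_ajax_referer( 'example_save_nonce', 'nonce' );

    // Stored code is served to every visitor, so require an administrator-level
    // capability before accepting anything.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $css = isset( $_POST['css'] ) ? wp_unslash( $_POST['css'] ) : '';
    // Strip tags so the value cannot close the <style> element it is printed in.
    update_option( 'example_css', wp_strip_all_tags( $css ) );

    // JavaScript cannot be sanitized into safety; accept it only from users
    // who are already allowed to post raw HTML.
    if ( isset( $_POST['js'] ) && current_user_can( 'unfiltered_html' ) ) {
        update_option( 'example_js', wp_unslash( $_POST['js'] ) );
    }

    wp_send_json_success();
}

// Output side: print the stored values on the hooks named in the description.
add_action( 'wp_head', function () {
    $css = wp_strip_all_tags( (string) get_option( 'example_css', '' ) );
    if ( '' !== $css ) {
        echo "<style>\n" . $css . "\n</style>\n";
    }
} );

add_action( 'wp_footer', function () {
    $js = (string) get_option( 'example_js', '' );
    // Neutralize a literal closing tag so stored code stays inside one element.
    $js = str_ireplace( '</script', '<\/script', $js );
    if ( '' !== $js ) {
        echo "<script>\n" . $js . "\n</script>\n";
    }
} );
```

The authorization checks carry the weight here: once only trusted users can write the options, the output-side filtering is a second layer rather than the sole control.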
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
WordPress
CVE
Name CVE-N/A
Versions
Affected In <= 1.1
Fixed In 1.2
Disclosure date
2016-05-06
Submitter
ThreatPress