Vulnerabilities > CVE-2022-1217 - Unspecified vulnerability in Custom Tinymce Shortcode Button Project Custom Tinymce Shortcode Button 1.1

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

custom-tinymce-shortcode-button-project

NVD

Published: 2022-05-16

Updated: 2024-11-21

Summary

The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

Vulnerable Configurations

Part	Description	Count
Application	Custom_Tinymce_Shortcode_Button_Project Custom Tinymce Shortcode Button Project Custom Tinymce Shortcode Button - Custom Tinymce Shortcode Button Project Custom Tinymce Shortcode Button 1.1	2

References

https://wpscan.com/vulnerability/15875f52-7a49-44c7-8a36-b49ddf37c20c
https://wpscan.com/vulnerability/15875f52-7a49-44c7-8a36-b49ddf37c20c