VYPR

Custom TinyMCE Shortcode Button

by WordPress

CVEs (1)

  • CVE-2022-1217MedMay 16, 2022
    risk 0.40cvss 6.1epss 0.01

    The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.