| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62871 | WordPress Just TinyMCE Custom Styles plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability | Alex Prokopenko / JustCoded | Just TinyMCE Custom Styles | - | - | 2025-12-09 14:52:25 | Deep Dive |
| CVE-2025-1286 | Download HTML TinyMCE Button <= 1.2 - Reflected XSS | Unknown | Download HTML TinyMCE Button | - | - | 2025-05-15 20:07:26 | Deep Dive |
| CVE-2025-23439 | WordPress TinyMCE Extended Config plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | willshouse | TinyMCE Extended Config | High | 7.1 | 2025-03-03 13:30:03 | Deep Dive |
| CVE-2025-26582 | WordPress TinyMCE Advanced qTranslate fix editor problems plugin <= 1.0.0 - CSRF to Stored XSS vulnerability | Blackbam | TinyMCE Advanced qTranslate fix editor problems | High | 7.1 | 2025-02-13 13:53:08 | Deep Dive |
| CVE-2024-8627 | Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | josh401 | Ultimate TinyMCE | Medium | 6.4 | 2024-10-30 02:32:19 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-38357 | TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements | tinymce | tinymce | Medium | 6.1 | 2024-06-19 20:03:50 | Deep Dive |
| CVE-2024-38356 | TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option | tinymce | tinymce | Medium | 6.1 | 2024-06-19 20:03:48 | Deep Dive |
| CVE-2024-29881 | TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements | tinymce | tinymce | Medium | 4.3 | 2024-03-26 13:31:15 | Deep Dive |
| CVE-2024-29203 | TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes | tinymce | tinymce | Medium | 4.3 | 2024-03-26 13:23:54 | Deep Dive |
| CVE-2024-25904 | WordPress TinyMCE Professional Formats and Styles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) | David Stockl | TinyMCE and TinyMCE Advanced Professsional Formats and Styles | Medium | 4.3 | 2024-02-21 06:51:59 | Deep Dive |
| CVE-2023-48219 | Special characters in unescaped text nodes can trigger mXSS in TinyMCE | tinymce | tinymce | Medium | 6.1 | 2023-11-15 18:59:04 | Deep Dive |
| CVE-2023-45818 | Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin | tinymce | tinymce | Medium | 6.1 | 2023-10-19 21:18:01 | Deep Dive |
| CVE-2023-45819 | Cross-site Scripting vulnerability in TinyMCE notificationManager.open API | tinymce | tinymce | Medium | 6.1 | 2023-10-19 21:13:07 | Deep Dive |
| CVE-2023-44470 | WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) | Kvvaradha | Kv TinyMCE Editor Add Fonts | Medium | 5.4 | 2023-10-10 13:59:01 | Deep Dive |
| CVE-2023-2967 | TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting | Unknown | TinyMCE Custom Styles | 中危 | - | 2023-07-10 12:41:11 | Deep Dive |
| CVE-2023-23995 | WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) | Tim Reeves & David Stöckl | TinyMCE Custom Styles | Medium | 5.9 | 2023-04-25 19:20:07 | Deep Dive |
| CVE-2022-23494 | Cross-site scripting vulnerability in TinyMCE alerts | tinymce | tinymce | Medium | 5.4 | 2022-12-08 21:29:27 | Deep Dive |
| CVE-2022-1217 | Custom TinyMCE Shortcode Button <= 1.1 - Reflected Cross-Site Scripting | Unknown | Custom TinyMCE Shortcode Button | 中危 | - | 2022-05-16 14:30:42 | Deep Dive |
| CVE-2011-4906 | Joomla! TinyMCE 代码问题漏洞 | Joomla! | Tiny browser included with TinyMCE 3.0 | 超危 | - | 2020-02-12 20:59:29 | Deep Dive |