PT-2025-21560 · WordPress · Download Html Tinymce Button

Published

2025-05-15

Updated

2025-05-15

CVE-2025-1286

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Download HTML TinyMCE Button WordPress plugin versions 1.2 and earlier

Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because a parameter is not properly sanitized and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators.

Recommendations: For Download HTML TinyMCE Button WordPress plugin versions 1.2 and earlier, update to a version that properly sanitizes and escapes parameters before outputting them back in the page to prevent Reflected Cross-Site Scripting.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-1286

Affected Products

Download Html Tinymce Button

PT-2025-21560 · WordPress · Download Html Tinymce Button

CVE-2025-1286

Weakness Enumeration

Related Identifiers

Affected Products

References · 4