Known Vulnerabilities for products from Tinymce
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Tinymce".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-47762 json | Not Provided | 2026-05-28 | 2026-05-28 | |
| CVE-2026-47761 json | Not Provided | 2026-05-28 | 2026-05-28 | |
| CVE-2026-47760 json | Not Provided | 2026-05-28 | 2026-05-28 | |
| CVE-2026-47759 json | Not Provided | 2026-05-28 | 2026-05-28 | |
| CVE-2026-38526 json | Not Provided | 2026-04-14 | 2026-04-14 | |
| CVE-2025-26582 json | Not Provided | 2025-02-13 | 2026-04-23 | |
| CVE-2025-23439 json | Not Provided | 2025-03-03 | 2026-04-23 | |
| CVE-2024-25904 json | Not Provided | 2024-02-21 | 2026-04-28 | |
| CVE-2014-3845 json | Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote att... | Not Provided | 2014-05-22 | 2026-05-06 |
| CVE-2014-3844 json | The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers t... | Not Provided | 2014-05-22 | 2026-05-06 |
| CVE-2013-2204 json | moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, do... | Not Provided | 2013-07-08 | 2026-04-29 |
| CVE-2012-6112 json | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle... | Not Provided | 2013-01-27 | 2026-04-29 |
| CVE-2012-4230 json | The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (... | Not Provided | 2014-04-25 | 2026-05-06 |
| CVE-2012-3414 json | Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2... | Not Provided | 2013-07-19 | 2026-04-29 |
| CVE-2011-4825 json | Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce be... | Not Provided | 2011-12-15 | 2026-04-29 |
Known software with vulnerabilities from Tinymce
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Tinymce | Spellchecker Php | 2.0 |
| Application | Tinymce | Tinymce | 3.5.8 |