🎉Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. Register as a researcher and submit your vulnerabilities today!

As a reminder, the Wordfence Intelligence Vulnerability Database API is completely free to query and utilize, both personally and commercially, and contains all the same vulnerability data as the user interface. Please review the API documentation and Webhook documentation for more information on how to query the vulnerability API endpoints and configure webhooks utilizing all the same data present in the Wordfence Intelligence user interface.

Crayon Syntax Highlighter

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Crayon Syntax Highlighter

Information

Software Type	Plugin
Software Slug	crayon-syntax-highlighter (view on wordpress.org)
Software Status	Removed
Software Author	akarmenia
Software Website	github.com
Software Downloads	708,733
Software Active Installs	10,000
Software Record Last Updated	November 28, 2023

6 Vulnerabilities

Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery

6.4

CVE-2023-4893

Sep 11, 2023

Researcher: István Márton

Crayon Syntax Highlighter <= 2.8.4 - Cross-Site Request Forgery

8.8

CVE-2022-47167

Jan 13, 2023

Researcher: István Márton

Crayon Syntax Highlighter < 2.8.4 - Cross-Site Scripting

6.1

CVE-2016-10893

May 10, 2016

Researchers:

Crayon Syntax Highlighter 2.0 - 2.6.10 - Missing Authorization

5.4

CVE ID Unknown

Apr 20, 2015

Researcher: James Hooker

Crayon Syntax Highlighter <= 2.6.10 - Directory Traversal

6.5

CVE ID Unknown

Apr 14, 2015

Researcher: Kevin Subileau

Crayon Syntax Highlighter Plugin <= 1.13 - Remote File Inclusion

9.8

CVE ID Unknown

Oct 15, 2012

Researcher: Charlie Eriksen

Title	CVE ID	CVSS	Researchers	Date
Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery	CVE-2023-4893	6.4	István Márton	September 11, 2023
Crayon Syntax Highlighter <= 2.8.4 - Cross-Site Request Forgery	CVE-2022-47167	8.8	István Márton	January 13, 2023
Crayon Syntax Highlighter < 2.8.4 - Cross-Site Scripting	CVE-2016-10893	6.1		May 10, 2016
Crayon Syntax Highlighter 2.0 - 2.6.10 - Missing Authorization		5.4	James Hooker	April 20, 2015
Crayon Syntax Highlighter <= 2.6.10 - Directory Traversal		6.5	Kevin Subileau	April 14, 2015
Crayon Syntax Highlighter Plugin <= 1.13 - Remote File Inclusion		9.8	Charlie Eriksen	October 15, 2012

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation