4 matches found
CVE-2026-3772
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...
CVE-2026-3772 WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...
CVE-2026-3772 WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...
PT-2026-36318
Name of the Vulnerable Software and Affected Versions WP Editor versions prior to 1.2.9.3 Description The WP Editor plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs because...