2 matches found
CVE-2021-24154
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the downloadfile function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd...
CVE-2021-24154
The Theme Editor WordPress plugin (