9 matches found
CVE-2025-12637
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
EUVD-2025-60929
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-12637
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-12637 Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-12637 Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-12637
CVE-2025-12637 affects the Elastic Theme Editor plugin for WordPress, with versions up to 0.0.3. The vulnerability stems from a dynamic code generation flow in process_theme that enables an authenticated user with Subscriber+ privileges to upload arbitrary files to the server. This could potentia...
WordPress plugin Elastic Theme Editor 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...
PT-2025-46282
Name of the Vulnerable Software and Affected Versions Elastic Theme Editor plugin for WordPress versions up to and including 0.0.3 Description The Elastic Theme Editor plugin for WordPress is susceptible to arbitrary file uploads. This is due to a dynamic code generation feature within the proces...
WordPress Elastic Theme Editor plugin <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Elastic Theme Editor versions = 0.0.3...