Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.23 views

CVE-2025-12637

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8CVSS7.3AI score0.00515EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 6:30 a.m.4 views

EUVD-2025-60929

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8CVSS6.9AI score0.00515EPSS
Exploits0References3
NVD
NVD
added 2025/11/11 4:15 a.m.6 views

CVE-2025-12637

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8CVSS0.00515EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.2 views

CVE-2025-12637 Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8CVSS6.9AI score0.00515EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.7 views

CVE-2025-12637 Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the processtheme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8CVSS0.00515EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 3:30 a.m.22 views

CVE-2025-12637

CVE-2025-12637 affects the Elastic Theme Editor plugin for WordPress, with versions up to 0.0.3. The vulnerability stems from a dynamic code generation flow in process_theme that enables an authenticated user with Subscriber+ privileges to upload arbitrary files to the server. This could potentia...

8.8CVSS7AI score0.00515EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.9 views

WordPress plugin Elastic Theme Editor 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

8.8CVSS8AI score0.00515EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.8 views

PT-2025-46282

Name of the Vulnerable Software and Affected Versions Elastic Theme Editor plugin for WordPress versions up to and including 0.0.3 Description The Elastic Theme Editor plugin for WordPress is susceptible to arbitrary file uploads. This is due to a dynamic code generation feature within the proces...

8.8CVSS7.5AI score0.00515EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/11/10 10:25 p.m.10 views

WordPress Elastic Theme Editor plugin <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Elastic Theme Editor versions = 0.0.3...

8.8CVSS6.8AI score0.00515EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder