CVE-2025-3295

The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive...

WordPress plugin WP Editor 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

WordPress Goon – Speed Up Your WordPress Site Plugin <= 1.2.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Goon – Speed Up Your WordPress Site Type Plugin Vulnerable versions = 1.2.9.1 Fixed in 1.2.9.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 989eea38eccd Credits Rafie...