19 matches found
CVE-2026-3772 WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...
CVE-2026-3772
The CVE-2026-3772 entry concerns the WP Editor WordPress plugin. A CSRF vulnerability exists in all versions up to and including 1.2.9.2 due to missing nonce verification in the add_plugins_page and add_themes_page functions. This can allow unauthenticated attackers to overwrite arbitrary plugin ...
WordPress WP Editor plugin <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution vulnerability
Cross-Site Request Forgery to Remote Code Execution vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin WP Editor versions <= 1.2.9.2...
CVE-2026-27067 WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through <= 1.3.1...
CVE-2025-64354
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS. This issue affects Gutenberg: from n/a through <= 21.8.2...
EUVD-2024-19755
Malicious code in bioql PyPI...
CVE-2025-57909
CVE-2025-57909 affects Editor Custom Color Palette (Rouergue Création) for WordPress, with a Missing Authorization flaw in versions
Linux Distros Unpatched Vulnerability : CVE-2021-29450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This...
CVE-2025-3294
The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...
CVE-2025-1203 Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example ...
WordPress Bootstrap Blocks for WP Editor v2 plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Bootstrap Blocks for WP Editor v2 versions <= 2.5.0...
WordPress plugin Bootstrap Blocks for WP Editor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
CVE-2022-2446 WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...
PT-2024-11530 · WordPress · Wp Editor
Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to, and including 1.2.9 Description: The issue allows deserialization of untrusted input via the current theme root parameter. This enables authenticated attackers with administrative privileges to...
CVE-2024-7351 Simple Job Board <= 2.12.3 - Authenticated (Editor+) PHP Object Injection
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...
CVE-2024-25591
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor. This issue affects WP Editor: from n/a through 1.2.7...
PT-2024-10887 · WordPress · Wp Editor
Name of the Vulnerable Software and Affected Versions: WP Editor WordPress plugin version 1.2.6 and earlier Description: The issue is related to an authenticated blind SQL injection problem. It occurs because the plugin does not properly sanitise or validate its setting fields, allowing an...
PT-2019-7681 · WordPress · Wp Editor
Name of the Vulnerable Software and Affected Versions: wp-editor plugin versions prior to 1.2.6 Description: The issue concerns a CSRF problem in the wp-editor plugin for WordPress. Recommendations: For versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue...