CVE-2016-10885

The wp-editor plugin before 1.2.6 for WordPress has CSRF...

CVE-2016-10877

The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...

CVE-2016-10886

The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions...

CVE-2025-3295 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive...

CVE-2025-3294 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...

CVE-2025-3294

CVE-2025-3294 affects the WordPress WP Editor plugin up to version 1.2.9.1. The issue is an authenticated directory-traversal flaw (no proper file path validation) that can enable an attacker with Administrator-level access and above to overwrite arbitrary server files, potentially enabling remot...

CVE-2025-3294 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...

PT-2025-16934 · WordPress · Wp Editor

Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to, and including, 1.2.9.1 Description: The issue allows authenticated attackers with Administrator-level access and above to read arbitrary files on the affected site's server, potentially revealing...

WordPress plugin WP Editor 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

PT-2025-16933 · WordPress · Wp Editor

Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to and including 1.2.9.1 Description: The WP Editor plugin for WordPress is susceptible to arbitrary file update due to a missing file path validation. This allows authenticated attackers with...

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

WordPress WP Editor Plugin <= 1.2.9 is vulnerable to PHP Object Injection

Software WP Editor Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.2.9.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-2446 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 2c7bc2d905b6 Credits Rasoul Jahanshahi Required privilege...

CVE-2021-24151 WP Editor < 1.2.7 - Authenticated SQL injection

The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...

WordPress wp-editor plugin cross-site request forgery vulnerability

WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-editor plugin is an editor plugin used in it. A cross-site request forgery vulnerability exists in the WordPress wp-edito...

CVE-2016-10886

The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions...

CVE-2016-10877

The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...

Cross site scripting

The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...

WordPress WP Editor plugin <= 1.2.6.2 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting XSS vulnerabilities found in WordPress WP Editor plugin versions = 1.2.6.2. Solution Update the WordPress WP Editor plugin to the latest available version at least 1.2.6.3...