CVE-2026-3772 WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

WordPress plugin WP Editor 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-36318

Name of the Vulnerable Software and Affected Versions WP Editor versions prior to 1.2.9.3 Description The WP Editor plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs because...

EUVD-2024-22919

Malicious code in bioql PyPI...

EUVD-2024-22099

Malicious code in bioql PyPI...

EUVD-2025-9219

Malicious code in bioql PyPI...

CVE-2024-25591

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7...

CVE-2016-10885

The wp-editor plugin before 1.2.6 for WordPress has CSRF...

CVE-2016-10877

The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...

CVE-2016-10886

The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions...

CVE-2025-3295

The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive...

CVE-2025-3295 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive...

CVE-2025-3295

CVE-2025-3295 : The WP Editor WordPress plugin is vulnerable to an authenticated Directory Traversal leading to Arbitrary File Read in all versions up to 1.2.9.1. Exploitation requires Administrator-level access or higher, enabling an attacker to read arbitrary files on the affected site’s server...

CVE-2025-3295 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive...

CVE-2025-3294 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...

CVE-2025-3294

CVE-2025-3294 affects the WordPress WP Editor plugin up to version 1.2.9.1. The issue is an authenticated directory-traversal flaw (no proper file path validation) that can enable an attacker with Administrator-level access and above to overwrite arbitrary server files, potentially enabling remot...

CVE-2025-3294 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...

WordPress plugin WP Editor 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

PT-2025-16934 · WordPress · Wp Editor

Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to, and including, 1.2.9.1 Description: The issue allows authenticated attackers with Administrator-level access and above to read arbitrary files on the affected site's server, potentially revealing...

WordPress plugin WP Editor 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...