65 matches found
CVE-2024-25591 WordPress WP Editor plugin <=1.2.7 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7...
PT-2024-21021 · WordPress · Benjamin Rojas Wp Editor
Name of the Vulnerable Software and Affected Versions: Benjamin Rojas WP Editor versions 1.2.7 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not ha...
CVE-2021-24151
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...
CVE-2021-24151 WP Editor < 1.2.7 - Authenticated SQL injection
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...
CVE-2021-24151 WP Editor < 1.2.7 - Authenticated SQL injection
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...
CVE-2021-24151
Summary of CVE-2021-24151 : The WP Editor WordPress plugin (versions before 1.2.7) contains an authenticated (admin+) blind SQL injection vulnerability in its settings save path caused by failure to sanitize/validate setting fields. This allows an arbitrary parameter to influence the SQL query du...
WP Editor < 1.2.7 - Authenticated SQL injection
The plugin did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings. https://drive.google.com/file/d/1KT4lHePmYuX36jvA4AEQ1MVDwJBlZOO/view?usp=sharing payload:...
WordPress wp-editor plugin permission license and access control issue vulnerability
WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-editor plugin is an editor plugin used in it. A security vulnerability exists in WordPress wp-editor plugin versions prio...
WordPress wp-editor plugin cross-site request forgery vulnerability
WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-editor plugin is an editor plugin used in it. A cross-site request forgery vulnerability exists in the WordPress wp-edito...
CVE-2016-10885
The wp-editor plugin before 1.2.6 for WordPress has CSRF...
CVE-2016-10886
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions...
CVE-2016-10886
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions...
CVE-2016-10885
The wp-editor plugin before 1.2.6 for WordPress has CSRF...
CVE-2016-10885
The Red Hat and OpenVAS/Misc entries confirm a CSRF vulnerability in the WordPress wp-editor plugin prior to version 1.2.6. The flaw allows unauthorized requests from authenticated users to perform state-changing actions (CSRF) within wp-editor. Affected component: WordPress wp-editor plugin; vul...
CVE-2016-10886
The CVE-2016-10886 entry concerns the WordPress wp-editor plugin prior to version 1.2.6 with incorrect permissions. Connected sources (Red Hat, CNVD, OpenVAS, PRION, CVE/CVEList mirrors, WPScan) corroborate that the issue affects the wp-editor plugin for WordPress and is limited to versions befor...
PT-2019-7682 · WordPress · Wp Editor
Name of the Vulnerable Software and Affected Versions: wp-editor plugin versions prior to 1.2.6 Description: The issue is related to incorrect permissions in the wp-editor plugin for WordPress. Recommendations: For versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue...
WordPress wp-editor plugin cross-site scripting vulnerability
WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-editor plugin is an editor plugin used in it. A cross-site scripting vulnerability exists in WordPress wp-editor plugin...
CVE-2016-10877
The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...
CVE-2016-10877
The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...
Cross site scripting
The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...