Lucene search

Wp Editor Security Vulnerabilities

cve

CVE-2016-10885

The wp-editor plugin before 1.2.6 for WordPress has CSRF.

8.8CVSS

9.1AI Score

0.001EPSS

2019-08-14 04:15 PM

cve

CVE-2016-10886

The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.

9.8CVSS

9.5AI Score

0.002EPSS

2019-08-14 04:15 PM

cve

CVE-2021-24151

The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.

7.2CVSS

7.3AI Score

0.001EPSS

2024-01-16 04:15 PM

cve

CVE-2021-24367

The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability.

5.4CVSS

5.2AI Score

0.001EPSS

2021-06-21 08:15 PM

cve

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deseri...

7.2CVSS

6.8AI Score

0.001EPSS

2024-09-13 03:15 PM