8.8 CVSS
9.1 AI Score
0.001 EPSS
9.8 CVSS
9.5 AI Score
0.002 EPSS
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields, leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.
7.2 CVSS
7.3 AI Score
0.001 EPSS
The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability.
5.4 CVSS
5.2 AI Score
0.001 EPSS
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including, 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deseri...
7.2 CVSS
6.8 AI Score
0.001 EPSS