7 matches found
CVE-2025-3294
CVE-2025-3294 affects the WordPress WP Editor plugin up to version 1.2.9.1. The issue is an authenticated directory-traversal flaw (no proper file path validation) that can enable an attacker with Administrator-level access and above to overwrite arbitrary server files, potentially enabling remot...
CVE-2024-25591
Summary: CVE-2024-25591 affects the WordPress plugin WP Editor (versions
CVE-2025-3295
CVE-2025-3295 : The WP Editor WordPress plugin is vulnerable to an authenticated Directory Traversal leading to Arbitrary File Read in all versions up to 1.2.9.1. Exploitation requires Administrator-level access or higher, enabling an attacker to read arbitrary files on the affected site’s server...
CVE-2022-2446
CVE-2022-2446 affects the WP Editor WordPress plugin. The vulnerability is a PHAR deserialization issue via the current_theme_root parameter in versions up to and including 1.2.9. An authenticated attacker with administrative privileges who can upload a serialized payload can trigger deserializat...
CVE-2016-10885
The Red Hat and OpenVAS/Misc entries confirm a CSRF vulnerability in the WordPress wp-editor plugin prior to version 1.2.6. The flaw allows unauthorized requests from authenticated users to perform state-changing actions (CSRF) within wp-editor. Affected component: WordPress wp-editor plugin; vul...
CVE-2016-10886
The CVE-2016-10886 entry concerns the WordPress wp-editor plugin prior to version 1.2.6 with incorrect permissions. Connected sources (Red Hat, CNVD, OpenVAS, PRION, CVE/CVEList mirrors, WPScan) corroborate that the issue affects the wp-editor plugin for WordPress and is limited to versions befor...
CVE-2021-24151
Summary of CVE-2021-24151 : The WP Editor WordPress plugin (versions before 1.2.7) contains an authenticated (admin+) blind SQL injection vulnerability in its settings save path caused by failure to sanitize/validate setting fields. This allows an arbitrary parameter to influence the SQL query du...