Lucene search
K
BenjaminrojasWp Editor

7 matches found

CVE
CVE
added 2025/04/17 5:23 a.m.77 views

CVE-2025-3294

CVE-2025-3294 affects the WordPress WP Editor plugin up to version 1.2.9.1. The issue is an authenticated directory-traversal flaw (no proper file path validation) that can enable an attacker with Administrator-level access and above to overwrite arbitrary server files, potentially enabling remot...

7.2CVSS7.3AI score0.00819EPSS
CVE
CVE
added 2024/03/17 4:14 p.m.76 views

CVE-2024-25591

Summary: CVE-2024-25591 affects the WordPress plugin WP Editor (versions

7.5CVSS8.5AI score0.00453EPSS
CVE
CVE
added 2025/04/17 5:23 a.m.70 views

CVE-2025-3295

CVE-2025-3295 : The WP Editor WordPress plugin is vulnerable to an authenticated Directory Traversal leading to Arbitrary File Read in all versions up to 1.2.9.1. Exploitation requires Administrator-level access or higher, enabling an attacker to read arbitrary files on the affected site’s server...

4.9CVSS5AI score0.00445EPSS
CVE
CVE
added 2024/09/13 3:10 p.m.56 views

CVE-2022-2446

CVE-2022-2446 affects the WP Editor WordPress plugin. The vulnerability is a PHAR deserialization issue via the current_theme_root parameter in versions up to and including 1.2.9. An authenticated attacker with administrative privileges who can upload a serialized payload can trigger deserializat...

7.2CVSS7.1AI score0.00578EPSS
CVE
CVE
added 2019/08/14 3:25 p.m.55 views

CVE-2016-10885

The Red Hat and OpenVAS/Misc entries confirm a CSRF vulnerability in the WordPress wp-editor plugin prior to version 1.2.6. The flaw allows unauthorized requests from authenticated users to perform state-changing actions (CSRF) within wp-editor. Affected component: WordPress wp-editor plugin; vul...

8.8CVSS9.1AI score0.0068EPSS
CVE
CVE
added 2019/08/14 3:25 p.m.49 views

CVE-2016-10886

The CVE-2016-10886 entry concerns the WordPress wp-editor plugin prior to version 1.2.6 with incorrect permissions. Connected sources (Red Hat, CNVD, OpenVAS, PRION, CVE/CVEList mirrors, WPScan) corroborate that the issue affects the wp-editor plugin for WordPress and is limited to versions befor...

9.8CVSS9.5AI score0.01999EPSS
CVE
CVE
added 2024/01/16 3:48 p.m.39 views

CVE-2021-24151

Summary of CVE-2021-24151 : The WP Editor WordPress plugin (versions before 1.2.7) contains an authenticated (admin+) blind SQL injection vulnerability in its settings save path caused by failure to sanitize/validate setting fields. This allows an arbitrary parameter to influence the SQL query du...

7.2CVSS7.3AI score0.00771EPSS