Theme Editor <= 2.1 - Multiple Vulnerabilities



Description
Versions 2.1 and lower of the "theme-editor" plugin are affected by multiple vulnerabilities, including CSRF, insufficient permission checking, arbitrary file upload, and the ability to interact with folders and files on the server in most ways you can imagine. Apart from the CSRF, these vulnerabilities require access to an account, but any account is enough, regardless of its role.

Affects Plugin

Fixed in version 2.2

References

URL https://www.webarxsecurity.com/wordpress-theme-editor-plugin-multiple-vulnerabilities/

Classification

Type MULTI

Miscellaneous

Original Researcher WebARX
Submitter Dave
Submitter Website https://www.webarxsecurity.com
Submitter Twitter webarx_security
Views 4450
Verified No
WPVDB ID 9894

Timeline

Publicly Published 2019-09-30
Added 2019-09-30
Last Updated 2019-11-28
