Theme Editor <= 2.1 - Multiple Vulnerabilities

Description

Versions 2.1 and lower of the "theme-editor" plugin are affected by multiple vulnerabilities such as CSRF, insufficient permission checking, arbitrary file upload and the ability to interact with folders/files on the server in most ways you can imagine. These vulnerabilities (aside from CSRF) require access to any account, regardless of its role.

Affects Plugin

Theme Editor

fixed in version 2.2

References

URL	https://www.webarxsecurity.com/wordpress-theme-editor-plugin-multiple-vulnerabilities/

Classification

Type

MULTI

Miscellaneous

Original Researcher	WebARX
Submitter	Dave
Submitter Website	https://www.webarxsecurity.com
Submitter Twitter	webarx_security
Views	5678
Verified	No
WPVDB ID	9894

Timeline

Publicly Published	2019-09-30 (8 months ago)
Added	2019-09-30 (8 months ago)
Last Updated	2019-11-28 (6 months ago)

Our Other Services

Online WordPress Vulnerability Scanner

WPScan WordPress Security Plugin