Theme Editor <= 2.1 - Multiple Vulnerabilities
Description | Versions 2.1 and lower of the "theme-editor" plugin are affected by multiple vulnerabilities: CSRF, insufficient permission checking, arbitrary file upload, and the ability to interact with folders and files on the server in almost any way. Apart from CSRF, these vulnerabilities require access to an account, but an account of any role is sufficient. |
Affects Plugin
|
References
URL | https://www.webarxsecurity.com/wordpress-theme-editor-plugin-multiple-vulnerabilities/ |
Classification
Type | MULTI |
Miscellaneous
Original Researcher | WebARX |
Submitter | Dave |
Submitter Website | https://www.webarxsecurity.com |
Submitter Twitter | webarx_security |
Views | 4450 |
Verified | No |
WPVDB ID | 9894 |
Timeline
Publicly Published | 2019-09-30 (3 months ago) |
Added | 2019-09-30 (3 months ago) |
Last Updated | 2019-11-28 (18 days ago) |