Theme Editor <= 2.1 - Multiple Vulnerabilities
| Description | Versions 2.1 and lower of the "theme-editor" plugin are affected by multiple vulnerabilities such as CSRF, insufficient permission checking, arbitrary file upload and the ability to interact with folders/files on the server in most ways you can imagine. These vulnerabilities (aside from CSRF) require access to any account, regardless of its role. |
Affects Plugin
|
fixed in version 2.2
|
References
| URL | https://www.webarxsecurity.com/wordpress-theme-editor-plugin-multiple-vulnerabilities/ |
Classification
| Type | MULTI |
Miscellaneous
| Original Researcher | WebARX |
| Submitter | Dave |
| Submitter Website | https://www.webarxsecurity.com |
| Submitter Twitter | webarx_security |
| Views | 2885 |
| Verified | No |
| WPVDB ID | 9894 |
Timeline
| Publicly Published | 2019-09-30 (21 days ago) |
| Added | 2019-09-30 (21 days ago) |
| Last Updated | 2019-09-30 (21 days ago) |
Our Other Services
| Online WordPress Vulnerability Scanner | WPScan WordPress Security Plugin |
