Description
WordPress Plugin WP Editor is prone to multiple vulnerabilities, including arbitrary file modification and arbitrary file disclosure vulnerability. An attacker can exploit these vulnerabilities to modify local files in the context of the web server process, which may result in privilege escalation, or to view local files (eg. server configuration), which may aid in launching further attacks. WordPress Plugin WP Editor version 1.2.5.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.6 or latest
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-1999-0068)
XWiki Incomplete Cleanup Vulnerability (CVE-2023-36468)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.1.9)
WordPress Plugin AI ChatBot Arbitrary File Deletion (4.9.2)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5480)