ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Theme Editor plugin <= 2.1 - Multiple vulnerabilities

Product
Theme Editor
Description
Multiple vulnerabilities (CSRF, insufficient permission checking, arbitrary file upload) found by WebARX in WordPress Theme Editor plugin (versions <= 2.1).
Solution
Update the WordPress Theme Editor plugin to the latest available version (at least 2.2).
Classification
Type Multi
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.1
Fixed In 2.2
Disclosure date
2019-09-30
Credits
WebARX
Submitter
ThreatPress