ThreatPress

WordPress Vulnerability Database

WordPress Theme Editor plugin <= 2.5 - Multiple Authenticated Arbitrary File Download vulnerabilities

Product
Theme Editor
Description
Multiple authenticated arbitrary file download vulnerabilities were found by Nguyen Van Khanh and the WPScan security research team in the WordPress Theme Editor plugin (versions <= 2.5).
Solution
Update the WordPress Theme Editor plugin to the latest available version (at least 2.6).
Classification
Type: Arbitrary File Download
OWASP Top 10: A6: Sensitive Data Exposure
References
Vulnerability details
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <= 2.5
Fixed In: 2.6
Disclosure date
2021-02-13
Credits
Nguyen Van Khanh