To plugin page

Fixed

WordPress Theme Editor plugin <= 2.5 - Multiple Authenticated Arbitrary File Download vulnerabilities

CVSS 3.1 score Unknown severity

Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Theme Editor

Type

Plugin

Vulnerable versions

<= 2.5

Fixed in

2.6

PSID

61852f2df0bd

CVE ID

N/A

Classification

Arbitrary File Download

OWASP Top 10

A6: Sensitive Data Exposure

Required privilege

Credits

Nguyen Van Khanh

Publicly disclosed

2021-02-13

Details

Multiple Authenticated Arbitrary File Download vulnerabilities found by Nguyen Van Khanh and WPScan security research team in WordPress Theme Editor plugin (versions <= 2.5).

Solution

Update the WordPress Theme Editor plugin to the latest available version (at least 2.6).

References

Vulnerability details Plugin changelog

Other known vulnerabilities for Theme Editor

Multiple vulnerabilities

<= 2.1

Submit vulnerabilities and become a verified Alliance member

Learn more

WordPress Theme Editor plugin <= 2.5 - Multiple Authenticated Arbitrary File Download vulnerabilities

Details

Solution

References

Other known vulnerabilities for Theme Editor

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

WordPress Theme Editor plugin <= 2.5 - Multiple Authenticated Arbitrary File Download vulnerabilities

Details

Solution

References

Other known vulnerabilities for Theme Editor

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

Let us know if we have missed a vulnerability reported elsewhere

Thank you for contributing!