Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical0
High2
Medium1
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2025-07-09

CVE-2025-3295 - Wp Editor Plugin

The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information.

PLUGIN Wp Editor

CVE-2025-3295

MEDIUM CVSS 4.9 2025-04-17
Open Full Technical Breakdown
Threat Entry Updated 2025-07-09

CVE-2025-3294 - Wp Editor Plugin

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server.

PLUGIN Wp Editor

CVE-2025-3294

HIGH CVSS 7.2 2025-04-17
Open Full Technical Breakdown
Threat Entry Updated 2025-06-20

CVE-2021-24151 - Wp Editor Plugin

The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.

PLUGIN Wp Editor

CVE-2021-24151

HIGH CVSS 7.2 2024-01-16
Open Full Technical Breakdown
Scroll to top