Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-05-01
CVE-2026-3772 - Wp Editor Plugin
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitrary plugin and theme PHP files with attacker-controlled code via a forged request, granted they can trick a site administrator into performing an action such as clicking a link.
PLUGIN
Wp Editor
CVE-2026-3772
Risk Score
Threat Entry
Updated 2025-07-09
CVE-2025-3295 - Wp Editor Plugin
The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information.
PLUGIN
Wp Editor
CVE-2025-3295
Risk Score
Threat Entry
Updated 2025-07-09
CVE-2025-3294 - Wp Editor Plugin
The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server.
PLUGIN
Wp Editor
CVE-2025-3294
Risk Score
Threat Entry
Updated 2025-06-20
CVE-2021-24151 - Wp Editor Plugin
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.
PLUGIN
Wp Editor
CVE-2021-24151
Risk Score