Plugin icon

WP Editor

wp-editor

Vulnerabilities:

8

Last Updated:

March 11, 2026

Active Installs:

30000

Published
Title
Fixed in
CVSS
Published
2025-04-16
Title
WP Editor < 1.2.9.2 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
Fixed in
Fixed in 1.2.9.2
CVSS
4.9 (medium)
Published
2025-04-16
Title
WP Editor < 1.2.9.2 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update
Fixed in
Fixed in 1.2.9.2
CVSS
7.2 (high)
Published
2024-09-12
Title
WP Editor < 1.2.9.1 - Authenticated (Admin+) PHAR Deserialization
Fixed in
Fixed in 1.2.9.1
CVSS
7.2 (high)
Published
2024-03-26
Title
WP Editor < 1.2.9 - Reflected Cross-Site Scripting
Fixed in
Fixed in 1.2.9
CVSS
6.1 (medium)
Published
2024-02-12
Title
WP Editor < 1.2.8 - Sensitive Information Exposure via log file
Fixed in
Fixed in 1.2.8
CVSS
5.3 (medium)
Published
2021-02-01
Title
WP Editor < 1.2.7 - Authenticated SQL injection
Fixed in
Fixed in 1.2.7
CVSS
9.0 (critical)
Published
2016-10-05
Title
WP Editor <= 1.2.6.2 - Multiple Cross-Site Scripting (XSS)
Fixed in
Fixed in 1.2.6.3
CVSS
6.1 (medium)
Published
2016-05-13
Title
WP Editor < 1.2.6 - CSRF & Incorrect Permissions
Fixed in
Fixed in 1.2.6
CVSS
9.8 (critical)