Site Editor <= 1.1.1 – Local File Inclusion (LFI) | CVE 2018-7422

Affects Plugins

site-editor

No known fix

References

CVE

CVE-2018-7422

URL

https://seclists.org/fulldisclosure/2018/Mar/40

URL

https://github.com/SiteEditor/editor/issues/2

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

CVSS

7.5 (high)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

4432ecea-2b01-4d5c-9557-352042a57e44

Timeline

Publicly Published

2018-03-16 (about 7 years ago)

Added

2018-03-19 (about 7 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-05-09

Title

WordPress Review Plugin: The Ultimate Solution for Building a Review Website <= 5.3.5 - Authenticated (Contributor+) Local File Inclusion via Post Custom Fields

Published

2015-08-02

Title

recent-backups <= 0.7 - Remote File Download

Published

2024-03-28

Title

Import Export WordPress Users < 2.5.3 - Authenticated (Shop Manager+) Path Traversal

Published

2012-07-10

Title

A Page Flip Book 2.3 - index.php pageflipbook_language Parameter Traversal Local File Inclusion

Published

2025-06-09

Title

CLEVER <= 2.6 - Unauthenticated Arbitrary File Download