WP Editor < 1.2.9.2 – Authenticated (Administrator+) Directory Traversal to Arbitrary File Update | CVE 2025-3294 | Plugin Vulnerabilities

Description

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server.

Affects Plugins

Fixed in 1.2.9.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/9298820e-3753-41b3-8ba6-9fb494e215a8

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

nquangit

Verified

No

WPVDB ID

7fb97a3b-6d40-4a48-ace9-c4d41d4e5bc9

Timeline

Publicly Published

2025-04-16 (about 1 year ago)

Added

2025-04-16 (about 1 year ago)

Last Updated

2025-04-17 (about 1 year ago)

Other

Published

Title

Published

2022-01-24

Title

Popup Builder < 4.0.7 - LFI to RCE

Published

2022-01-31

Title

Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI

Published

2014-08-01

Title

DM Albums - Multiple Remote File Disclosure

Published

2025-08-12

Title

Multiple elFinder Plugins - Arbitrary File Deletion via Traversal

Published

2022-02-01

Title

Cost Calculator <= 1.8 - Authenticated Local File Inclusion