Vulnerabilities and security researches forcode-explorer code-explorer

Feb 27, 2026

CVE, Research URL: CVE-2025-15487
Home page URL: Security reports for Code Explorer
Application: Code Explorer
Date: Feb 04, 2026
Research Description: The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions: max 1.4.6.
Status: vulnerable

Oct 31, 2024

CVE, Research URL: CVE-2023-5816
Home page URL: Security reports for Code Explorer
Application: Code Explorer
Date: Oct 30, 2024
Research Description: The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance.
Affected versions: max 1.4.5.
Status: vulnerable