Vulnerabilities and security researches forwp-super-edit wp-super-edit

Nov 12, 2025

CVE, Research URL: CVE-2025-49948
Home page URL: Security reports for WP Super Edit
Application: WP Super Edit
Date: Oct 22, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad Awais WP Super Edit wp-super-edit allows Reflected XSS.This issue affects WP Super Edit: from n/a through <= 2.5.4.
Affected versions: max 2.5.4.
Status: vulnerable

May 17, 2026

CVE, Research URL: CVE-2021-47965
Home page URL: Security reports for WP Super Edit
Application: WP Super Edit
Date: May 16, 2026
Research Description: WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.
Affected versions: max 2.5.4.
Status: vulnerable