Vulnerabilities and security researches forwpide wpide

Jun 07, 2024

CVE, Research URL: CVE-2022-40217
Home page URL: Security reports for WPIDE – File Manager & Code Editor
Application: WPIDE – File Manager & Code Editor
Date: Sep 22, 2022
Research Description: Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
Affected versions: max 3.4.7.
Status: vulnerable

CVE, Research URL: CVE-2022-2261
Home page URL: Security reports for WPIDE – File Manager & Code Editor
Application: WPIDE – File Manager & Code Editor
Date: Aug 29, 2022
Research Description: The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.
Affected versions: max 3.0.
Status: vulnerable

CVE, Research URL: CVE-2022-35235
Home page URL: Security reports for WPIDE – File Manager & Code Editor
Application: WPIDE – File Manager & Code Editor
Date: Aug 23, 2022
Research Description: Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
Affected versions: max 3.0.
Status: vulnerable

Oct 15, 2024

CVE, Research URL: CVE-2024-9546
Home page URL: Security reports for WPIDE – File Manager & Code Editor
Application: WPIDE – File Manager & Code Editor
Date: Oct 15, 2024
Research Description: The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Affected versions: max 3.5.0.
Status: vulnerable

Apr 28, 2026

PSC, Research URL: PSC-2026-64652
Home page URL: Security reports for WPIDE – File Manager & Code Editor
Application: WPIDE – File Manager & Code Editor
Date: Apr 28, 2026
Research Description: File manager and code editor plugins operate on one of the most security-critical boundaries in WordPress because they provide direct access to site files, plugin and theme code, uploaded assets, archive operations, and in some cases filesystem-level modification workflows from inside wp-admin. A weakness in this class of plugin can lead to arbitrary file upload, unauthorized file read or deletion, stored XSS through file metadata or previews, privilege escalation, remote code execution, or full site compromise if attackers gain access to unsafe file editing paths. WPIDE – File Manager & Code Editor version 3.5.6 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64652, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for WordPress file manager, code editor, archive handling, and filesystem administration plugins.
Affected versions: Min 3.5.6, max 3.5.6.
Status: SAFE & CERTIFIED