WP Editor, 9bd82df3361111ce1d4cf7e25e54197d57e5fcf7

CVE, Research URL: 9bd82df3361111ce1d4cf7e25e54197d57e5fcf7
Home page URL: Security reports for WP Editor
Application: WP Editor
Published on: May 12, 2017
Research Description: WP Editor [wp-editor] < 1.2.6 WordPress WP Editor plugin <= 1.2.5.3 - Authenticated Arbitrary File Upload vulnerability WordPress WP Editor plugin Authenticated Arbitrary File Upload vulnerability is in upload_files AJAX function. A user with subscriber or higher role can upload the chosen file to the root directory. Update the plugin.
Affected versions: max 1.2.6.
Status: vulnerable