cleantalk
Vulnerabilities and Security Researches

Classic Editor +, 9de1809c770d7926b5b7e9ee95199ef6179b6d64

CVE, Research URL

9de1809c770d7926b5b7e9ee95199ef6179b6d64

Home page URL

Security reports for Classic Editor +

Application

Classic Editor +

Published on
Jan 24, 2022
Research Description
Classic Editor + [classic-editor-addon] < 2.6.4 WordPress Classic Editor Addon plugin <= 2.6.3 - Arbitrary Plugin Installation from Dependency via Cross-Site Request Forgery (CSRF) vulnerability Arbitrary Plugin Installation from Dependency via Cross-Site Request Forgery (CSRF) vulnerability discovered by Jan w Oleju in WordPress Classic Editor Addon plugin (versions <= 2.6.3).
Affected versions
max 2.6.4.
Status
vulnerable
Previous vulnerability researches
Classic Editor and Classic Widgets (CVE-2023-27434) , Jun 06, 2024
Classic Editor and Classic Widgets (CVE-2024-47312) , Sep 29, 2024
Classic Editor + (9de1809c770d7926b5b7e9ee95199ef6179b6d64) , Jun 07, 2024
Classic Editor , Jun 06, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX &#8211; Best FOMO, Social Proof, WooCommerce Sales Popup &amp; Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System &#8211; Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026