cleantalk
Vulnerabilities and Security Researches

Theme Editor, CVE-2021-24154

CVE, Research URL

CVE-2021-24154

Home page URL

Security reports for Theme Editor

Application

Theme Editor

Published on
Apr 06, 2021
Research Description
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd
Affected versions
max 2.2.
Status
vulnerable
Previous vulnerability researches
Theme Editor (CVE-2022-2440) , Aug 29, 2024
Theme Editor (CVE-2025-9890) , Nov 10, 2025
Theme Editor (CVE-2023-6091) , Jun 07, 2024
Theme Editor (CVE-2021-24154) , Jun 07, 2024
New vulnerability
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-49916) , Nov 10, 2025
Backuply – Backup, Restore, Migrate and Clone (CVE-2025-10307) , Nov 10, 2025
WP Mapbox GL JS Maps (CVE-2025-62942) , Nov 10, 2025
Zip Attachments (CVE-2025-11701) , Nov 10, 2025
Zip Attachments (CVE-2025-11692) , Nov 10, 2025