← back
CVE-2021-47965

WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload

CVSS 9.3 CRITICALEPSS 0.6%CWE-434
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
wp-super-edit · WP Super Edit
public PoCs found1
cve_referencewww.exploit-db.com/exploits/49839unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wordpress.orghttps://wordpress.org/plugins/wp-super-edit/https://www.exploit-db.com/exploits/49839https://www.vulncheck.com/advisories/wordpress-plugin-wp-super-edit-unrestricted-file-upload