Search criteria

6 vulnerabilities found for theme_editor by themeeditor

FKIE_CVE-2022-2440

Vulnerability from fkie_nvd - Published: 2024-08-29 11:15 - Updated: 2025-07-10 15:29
Summary
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper, which will deserialize and call arbitrary PHP objects that can be used to perform a variety of malicious actions, provided a POP chain is also present. Exploitation also requires that the attacker succeeds in uploading a file containing the serialized payload.
Impacted products
Vendor Product Version
themeeditor theme_editor *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themeeditor:theme_editor:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5D8A93B3-8E85-4CB7-9359-9F0B7787DF19",
              "versionEndExcluding": "2.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027images_array\u0027 parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
    },
    {
      "lang": "es",
      "value": "El complemento Theme Editor para WordPress es vulnerable a la deserializaci\u00f3n de entradas no confiables a trav\u00e9s del par\u00e1metro \u0027images_array\u0027 en versiones hasta la 2.8 incluida. Esto permite que atacantes autenticados con privilegios administrativos llamen a archivos utilizando un contenedor PHAR que deserializar\u00e1 y llamar\u00e1 a objetos PHP arbitrarios que se pueden usar para realizar una variedad de acciones maliciosas siempre que tambi\u00e9n est\u00e9 presente una cadena POP. Tambi\u00e9n requiere que el atacante cargue con \u00e9xito un archivo con la carga serializada."
    }
  ],
  "id": "CVE-2022-2440",
  "lastModified": "2025-07-10T15:29:43.333",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security@wordfence.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-29T11:15:23.790",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/theme-editor/trunk/ms_child_theme_editor.php#L495"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset/3142694/"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88fe46bf-8e85-4550-92ad-bdd426e5a745?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2021-24154

Vulnerability from fkie_nvd - Published: 2021-04-05 19:15 - Updated: 2024-11-21 05:52
Summary
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files from the web server, such as /etc/passwd.
Impacted products
Vendor Product Version
themeeditor theme_editor *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themeeditor:theme_editor:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "3CC27C30-7941-4EBE-93A1-5ADBBAA565A8",
              "versionEndExcluding": "2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd"
    },
    {
      "lang": "es",
      "value": "El plugin Theme Editor de WordPress versiones anteriores a 2.6, no comprobaba el par\u00e1metro de archivo GET antes de pasarlo a la funci\u00f3n download_file(), permitiendo a administradores descargar archivos arbitrarios en el servidor web, como /etc/passwd"
    }
  ],
  "id": "CVE-2021-24154",
  "lastModified": "2024-11-21T05:52:28.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-05T19:15:14.640",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-2440 (GCVE-0-2022-2440)

Vulnerability from cvelistv5 – Published: 2024-08-29 03:30 – Updated: 2024-08-29 14:01
Title
Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization
Summary
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper, which will deserialize and call arbitrary PHP objects that can be used to perform a variety of malicious actions, provided a POP chain is also present. Exploitation also requires that the attacker succeeds in uploading a file containing the serialized payload.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
mndpsingh287 Theme Editor Affected: * , ≤ 2.8 (semver)
Credits
Rasoul Jahanshahi

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mndpsingh287:theme_editor:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "theme_editor",
            "vendor": "mndpsingh287",
            "versions": [
              {
                "lessThanOrEqual": "2.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2440",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T14:00:55.550101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T14:01:39.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Theme Editor",
          "vendor": "mndpsingh287",
          "versions": [
            {
              "lessThanOrEqual": "2.8",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rasoul Jahanshahi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027images_array\u0027 parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-29T03:30:46.255Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88fe46bf-8e85-4550-92ad-bdd426e5a745?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/theme-editor/trunk/ms_child_theme_editor.php#L495"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3142694/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-28T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Theme Editor \u003c= 2.8 - Authenticated (Admin+) PHAR Deserialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2022-2440",
    "datePublished": "2024-08-29T03:30:46.255Z",
    "dateReserved": "2022-07-15T14:24:17.655Z",
    "dateUpdated": "2024-08-29T14:01:39.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24154 (GCVE-0-2021-24154)

Vulnerability from cvelistv5 – Published: 2021-04-05 18:27 – Updated: 2024-08-03 19:21
Title
Theme Editor < 2.6 - Authenticated Arbitrary File Download
Summary
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files from the web server, such as /etc/passwd.
Severity ?
No CVSS data available.
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
Unknown Theme Editor Affected: 2.6 , < 2.6 (custom)
Credits
Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Theme Editor",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.6",
              "status": "affected",
              "version": "2.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-05T18:27:42",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Theme Editor \u003c 2.6 - Authenticated Arbitrary File Download",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24154",
          "STATE": "PUBLIC",
          "TITLE": "Theme Editor \u003c 2.6 - Authenticated Arbitrary File Download"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Theme Editor",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.6",
                            "version_value": "2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552 Files or Directories Accessible to External Parties"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24154",
    "datePublished": "2021-04-05T18:27:42",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2440 (GCVE-0-2022-2440)

Vulnerability from nvd – Published: 2024-08-29 03:30 – Updated: 2024-08-29 14:01
Title
Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization
Summary
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper, which will deserialize and call arbitrary PHP objects that can be used to perform a variety of malicious actions, provided a POP chain is also present. Exploitation also requires that the attacker succeeds in uploading a file containing the serialized payload.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
mndpsingh287 Theme Editor Affected: * , ≤ 2.8 (semver)
Credits
Rasoul Jahanshahi

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mndpsingh287:theme_editor:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "theme_editor",
            "vendor": "mndpsingh287",
            "versions": [
              {
                "lessThanOrEqual": "2.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2440",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T14:00:55.550101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T14:01:39.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Theme Editor",
          "vendor": "mndpsingh287",
          "versions": [
            {
              "lessThanOrEqual": "2.8",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rasoul Jahanshahi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027images_array\u0027 parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-29T03:30:46.255Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88fe46bf-8e85-4550-92ad-bdd426e5a745?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/theme-editor/trunk/ms_child_theme_editor.php#L495"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3142694/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-28T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Theme Editor \u003c= 2.8 - Authenticated (Admin+) PHAR Deserialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2022-2440",
    "datePublished": "2024-08-29T03:30:46.255Z",
    "dateReserved": "2022-07-15T14:24:17.655Z",
    "dateUpdated": "2024-08-29T14:01:39.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24154 (GCVE-0-2021-24154)

Vulnerability from nvd – Published: 2021-04-05 18:27 – Updated: 2024-08-03 19:21
Title
Theme Editor < 2.6 - Authenticated Arbitrary File Download
Summary
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files from the web server, such as /etc/passwd.
Severity ?
No CVSS data available.
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
Unknown Theme Editor Affected: 2.6 , < 2.6 (custom)
Credits
Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Theme Editor",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.6",
              "status": "affected",
              "version": "2.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-05T18:27:42",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Theme Editor \u003c 2.6 - Authenticated Arbitrary File Download",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24154",
          "STATE": "PUBLIC",
          "TITLE": "Theme Editor \u003c 2.6 - Authenticated Arbitrary File Download"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Theme Editor",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.6",
                            "version_value": "2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552 Files or Directories Accessible to External Parties"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24154",
    "datePublished": "2021-04-05T18:27:42",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}