CVE-2025-3294

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail=	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/9298820e-3753-41b3-8ba6-9fb494e215a8?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:benjaminrojas:wp_editor:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2025-04-17 06:15

Updated : 2025-07-09 20:03

NVD link : CVE-2025-3294

Mitre link : CVE-2025-3294

CVE.ORG link : CVE-2025-3294

JSON object : View

Products Affected

benjaminrojas

wp_editor

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-3294", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2025-04-17T06:15:43.977", "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9298820e-3753-41b3-8ba6-9fb494e215a8?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server."}, {"lang": "es", "value": "El complemento WP Editor para WordPress es vulnerable a la actualizaci\u00f3n arbitraria de archivos debido a la falta de validaci\u00f3n de la ruta de archivo en todas las versiones hasta la 1.2.9.1 incluida. Esto permite que atacantes autenticados, con acceso de administrador o superior, sobrescriban archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo, siempre que el servidor web pueda escribir en los archivos."}], "lastModified": "2025-07-09T20:03:56.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:benjaminrojas:wp_editor:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E816FA5A-C24F-434D-A8D4-420F8AF46637", "versionEndExcluding": "1.2.9.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}