WordPress Plugin WP Super Edit Unrestricted File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

An unrestricted file upload vulnerability has been identified in the WordPress plugin WP Super Edit, affecting versions through 2.5.4. The flaw lies in the bundled FCKeditor component: its filemanager upload endpoint accepts files without validating their type, so an attacker can upload a server-side script (for example a PHP file) into a web-accessible directory. Requesting that file through the web server executes it, which can lead to remote code execution and complete compromise of the host.

Impact

Exploitation gives an attacker arbitrary file upload. Because the uploaded file lands under the web root, an uploaded script runs with the privileges of the web server process, which is enough to execute malicious code on the server and, from there, compromise the whole system. No authentication requirement is stated for the endpoint; assume it is reachable by unauthenticated users until verified otherwise.

Reproduction

To reproduce, submit a file of a type the server will execute (for example a PHP script) to the FCKeditor filemanager upload endpoint of a vulnerable installation. The uploaded file is then listed in the filemanager browser, which exposes the path under which it was stored; requesting that path directly from the web server runs the script. Confirm first that the installed WP Super Edit version is 2.5.4 or earlier.
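The following is an added example, written for this page and not taken from WP Super Edit or FCKeditor, that contrasts the handler pattern behind this class of bug with a hardened one. The form field name "NewFile", the "userfiles" directory and the size limit are assumptions; the deny-list handler is deliberately written the unsafe way so the bypasses can be seen.

```php
<?php
// Added example (not the plugin's or FCKeditor's own code): an upload handler
// in the vulnerable style next to a hardened one. Field name "NewFile", the
// "userfiles" directory and the 5 MB limit are assumptions for illustration.

declare(strict_types=1);

// --- Vulnerable pattern: trusts the client-supplied name and a deny list ---
// A deny list misses .phtml/.phar/.php5, a case variant such as "x.PHP", and
// double extensions like "shell.php.txt" on servers that hand any ".php"
// segment to the PHP handler. The client also chooses where the file lands.
function vulnerable_upload(array $file, string $uploadDir): string
{
    $denied = ['php', 'exe'];
    $name = basename($file['name']);
    $ext = pathinfo($name, PATHINFO_EXTENSION);
    if (in_array($ext, $denied, true)) {          // case-sensitive: "PHP" passes
        throw new RuntimeException('blocked');
    }
    move_uploaded_file($file['tmp_name'], $uploadDir . '/' . $name);
    return $uploadDir . '/' . $name;              // attacker then GETs this path
}

// --- Hardened pattern ---
// 1. allow list of extensions, 2. real content sniffed with finfo and checked
// against that extension, 3. server-generated random file name, 4. no execute
// bit; the directory itself must also be configured not to run scripts.
const ALLOWED = [
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
];

function hardened_upload(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {   // reject forged tmp paths
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > 5 * 1024 * 1024) {        // assumed limit
        throw new RuntimeException('too large');
    }

    // Only the final extension counts, compared case-insensitively, so
    // "a.php.png" is treated as "png" and is renamed below anyway.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // Sniff the bytes; a PHP script renamed to .png is rejected here.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException('content does not match extension');
    }

    // Never reuse the client's name: generate one ourselves.
    $newName = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $newName;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);                           // no execute bit
    return $dest;
}

// Entry point when served as the upload endpoint (not run from the CLI).
if (PHP_SAPI !== 'cli' && isset($_FILES['NewFile'])) {
    header('Content-Type: application/json');
    try {
        $stored = hardened_upload($_FILES['NewFile'], __DIR__ . '/userfiles');
        echo json_encode(['stored' => basename($stored)]);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo json_encode(['error' => $e->getMessage()]);
    }
}
```

The validation alone is not the whole fix: the upload directory must also be configured so the web server never executes what is stored there (on Apache a `.htaccess` with `php_admin_flag engine off` or `RemoveHandler .php .phtml .phar`, on nginx a `location` block for that path with no `fastcgi_pass`). Where the plugin's FCKeditor filemanager is not needed, removing or disabling it removes the endpoint entirely.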

Added: May 15, 2026, 7:42 PM
Updated: May 15, 2026, 7:42 PM

Vulnerability Rating (custom algorithm)

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.