Skip to main content

Editorskit

2 CVEs product

Monthly

CVE-2023-6635 HIGH PATCH This Week

The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Editorskit
NVD VulDB
CVSS 3.1
7.2
EPSS
7.6%
CVE-2021-24546 HIGH POC This Week

The Gutenberg Block Editor Toolkit - EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP Code Injection Editorskit
NVD WPScan
CVSS 3.1
8.8
EPSS
1.8%
EPSS 8% CVSS 7.2
HIGH PATCH This Week

The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE +1
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

The Gutenberg Block Editor Toolkit - EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP +2
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy