CVE-2021-47965

Sažetak

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.

Reference

https://wordpress.org
https://wordpress.org/plugins/wp-super-edit/
https://www.exploit-db.com/exploits/49839
https://www.vulncheck.com/advisories/wordpress-plugin-wp-super-edit-unrestricted-file-upload

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

15-05-2026 - 19:16

Objavljeno

15-05-2026 - 19:16