{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3294", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-04T17:13:25.289Z", "datePublished": "2025-04-17T05:23:19.895Z", "dateUpdated": "2026-04-08T17:09:29.025Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:09:29.025Z"}, "affected": [{"vendor": "benjaminprojas", "product": "WP Editor", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server."}], "title": "WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9298820e-3753-41b3-8ba6-9fb494e215a8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Quang Huynh Ngoc"}], "timeline": [{"time": "2025-04-16T17:10:07.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T16:05:07.629569Z", "id": "CVE-2025-3294", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:10:06.019Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3294", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-17T16:05:07.629569Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:07:40.443Z"}}], "cna": {"title": "WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update", "credits": [{"lang": "en", "type": "finder", "value": "Quang Huynh Ngoc"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "benjaminprojas", "product": "WP Editor", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.9.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-16T17:10:07.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9298820e-3753-41b3-8ba6-9fb494e215a8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:09:29.025Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3294", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:09:29.025Z", "dateReserved": "2025-04-04T17:13:25.289Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-17T05:23:19.895Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:benjaminrojas:wp_editor:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E816FA5A-C24F-434D-A8D4-420F8AF46637", "versionEndExcluding": "1.2.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server."}, {"lang": "es", "value": "El complemento WP Editor para WordPress es vulnerable a la actualizaci\u00f3n arbitraria de archivos debido a la falta de validaci\u00f3n de la ruta de archivo en todas las versiones hasta la 1.2.9.1 incluida. Esto permite que atacantes autenticados, con acceso de administrador o superior, sobrescriban archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo, siempre que el servidor web pueda escribir en los archivos."}], "id": "CVE-2025-3294", "lastModified": "2025-07-09T20:03:56.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-04-17T06:15:43.977", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9298820e-3753-41b3-8ba6-9fb494e215a8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:17:12.773786+00:00", "value": {"mitigation_remediation": ["Upgrade the WP Editor plugin to the latest available version that implements proper file\u2011path validation.", "If an update is unavailable, remove or deactivate the obsolete plugin to eliminate the attack surface.", "Restrict file permissions on the WordPress installation to prevent web\u2011server write access to directories containing core or plugin files, thereby blocking arbitrary updates."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Update with potential Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All WordPress sites running the WP Editor plugin by Benjamin Rojas with a version of 1.2.9.1 or earlier are affected. The vulnerability is present across all installation paths that expose the plugin\u2019s file\u2011update functionality to users who have Administrator or higher roles.", "description_and_impact": "The WP Editor plugin contains a flaw that allows an authenticated user with administrative privileges to write arbitrary files to the server. By skipping proper file\u2011path validation in all versions up to 1.2.9.1, it is possible to overwrite configuration, core WordPress, or plugin files, which in turn can lead to code execution if the web server can write to executable files or if resident scripts are replaced.", "risk_and_exploitability": "The CVSS score is 7.2, indicating a medium to high severity. The EPSS score of 2\u2009% suggests it is not highly prevalent in the wild but still worth monitoring. The vulnerability is not listed in the CISA KEV catalog. Attackers must first compromise an administrator account or otherwise gain the necessary role; no remote exploitation is possible without that prerequisite. If compromised, overwriting critical files can lead to remote code execution, depending on file permissions and the nature of the overwritten file."}}}}, "created": "2026-04-21T21:30:45.737098+00:00", "updated": "2026-04-21T21:30:45.737111+00:00", "vendors": []}