{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3295", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-04T17:16:43.214Z", "datePublished": "2025-04-17T05:23:19.325Z", "dateUpdated": "2026-04-08T16:49:45.110Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:45.110Z"}, "affected": [{"vendor": "benjaminprojas", "product": "WP Editor", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information."}], "title": "WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4618c1f4-c0aa-47f5-8c0b-2cb4a021f2e0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Quang Huynh Ngoc"}], "timeline": [{"time": "2025-04-16T17:11:50.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T19:11:51.778947Z", "id": "CVE-2025-3295", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T19:12:57.011Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3295", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-17T19:11:51.778947Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T19:12:50.587Z"}}], "cna": {"title": "WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read", "credits": [{"lang": "en", "type": "finder", "value": "Quang Huynh Ngoc"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "benjaminprojas", "product": "WP Editor", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.2.9.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-16T17:11:50.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4618c1f4-c0aa-47f5-8c0b-2cb4a021f2e0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-17T05:23:19.325Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3295", "state": "PUBLISHED", "dateUpdated": "2025-04-17T19:12:57.011Z", "dateReserved": "2025-04-04T17:16:43.214Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-17T05:23:19.325Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:benjaminrojas:wp_editor:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E816FA5A-C24F-434D-A8D4-420F8AF46637", "versionEndExcluding": "1.2.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information."}, {"lang": "es", "value": "El complemento WP Editor para WordPress es vulnerable a la lectura arbitraria de archivos en todas las versiones hasta la 1.2.9.1 incluida. Esto permite que atacantes autenticados, con acceso de administrador o superior, lean archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda revelar informaci\u00f3n confidencial."}], "id": "CVE-2025-3295", "lastModified": "2025-07-09T20:16:23.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-04-17T06:15:44.257", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4618c1f4-c0aa-47f5-8c0b-2cb4a021f2e0?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:18:03.604616+00:00", "value": {"mitigation_remediation": ["Update the WP Editor plugin to the latest version that contains the fix for version 1.2.9.1 and above.", "If an update is not immediately available, temporarily disable the WP Editor plugin until a patched version is released.", "Review and restrict WordPress administrator accounts: remove unnecessary admin privileges and enforce the principle of least privilege."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Read via Directory Traversal"}, "threat_synthesis": {"affected_systems": "The flaw affects the WP Editor plugin for WordPress developed by Benjamin Rojas. Versions up to and including 1.2.9.1 are vulnerable. No other products or versions are listed as impacted.", "description_and_impact": "The WP Editor plugin contains a directory traversal flaw (CWE\u201122) that permits an authenticated attacker with Administrator privileges or higher to read any file on the server. This capability could expose sensitive configuration, credentials, or user data, thereby compromising confidentiality of the victim site. The vulnerability is limited to plugin code and does not allow arbitrary code execution.", "risk_and_exploitability": "The CVSS score of 4.9 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not catalogued in the CISA KEV list. An attacker must be able to authenticate as an administrator to exploit the issue, which limits the scope to sites with elevated user roles. When the necessary privileges are present, the attacker can read arbitrary files on the server."}}}}, "created": "2026-04-21T21:30:45.737391+00:00", "updated": "2026-04-21T21:30:45.737402+00:00", "vendors": []}