CVE-2021-24154 - Files or Directories Accessible to External Parties vulnerability in Themeeditor Theme Editor
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE

Summary
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |