Vulnerabilities > Benjaminrojas > WP Editor > 1.1.0.1

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2021-24151 SQL Injection vulnerability in Benjaminrojas WP Editor
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.
network
low complexity
benjaminrojas CWE-89
7.2
7.2
2019-08-14 CVE-2016-10886 Permissions, Privileges, and Access Controls vulnerability in Benjaminrojas WP Editor
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.
network
low complexity
benjaminrojas CWE-264
critical
 9.8
9.8
2019-08-14 CVE-2016-10885 Cross-Site Request Forgery (CSRF) vulnerability in Benjaminrojas WP Editor
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
network
low complexity
benjaminrojas CWE-352
8.8
8.8