Vulnerabilities > Benjaminrojas > WP Editor > 1.1.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2022-2446 | Deserialization of Untrusted Data vulnerability in Benjaminrojas WP Editor The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. | 7.2 |
| 2024-03-17 | CVE-2024-25591 | Unspecified vulnerability in Benjaminrojas WP Editor Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7. | 7.5 |
| 2024-01-16 | CVE-2021-24151 | SQL Injection vulnerability in Benjaminrojas WP Editor The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings. | 7.2 |
| 2019-08-14 | CVE-2016-10886 | Permissions, Privileges, and Access Controls vulnerability in Benjaminrojas WP Editor The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions. | 9.8 |
| 2019-08-14 | CVE-2016-10885 | Cross-Site Request Forgery (CSRF) vulnerability in Benjaminrojas WP Editor The wp-editor plugin before 1.2.6 for WordPress has CSRF. | 8.8 |