Vulnerabilities > Siteeditor

DATE CVE VULNERABILITY TITLE RISK
2018-03-19 CVE-2018-7422 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Siteeditor Site Editor 1.0.0/1.1.0/1.1.1
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.
network
low complexity
siteeditor CWE-829
7.5