CVE-2025-3295

MEDIUM Year: 2025
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information.

Related Vulnerabilities

CVE-2016-10528

MEDIUM
CVSS:4.9(Medium)

restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it t...

CWE-222016

CVE-2016-4004

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parame...

CWE-222016

CVE-2016-4314

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to ...

CWE-222016

CVE-2016-5092

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn featur...

CWE-222016

CVE-2016-7135

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile act...

CWE-222016

CVE-2017-10841

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.

CWE-222017