Critical severity9.8NVD Advisory· Published Sep 28, 2018· Updated Jun 17, 2026
CVE-2018-17573
CVE-2018-17573
Description
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.4.2+ 1 more
- (no CPE)range: <=2.4.2
- (no CPE)range: <=2.4.2
Patches
Vulnerability mechanics
References
2- cxsecurity.com/issue/WLB-2018090255nvdExploitThird Party Advisory
- packetstormsecurity.com/files/149568/WordPress-WP-Insert-2.4.2-Arbitrary-File-Upload.htmlnvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.