Critical severity9.8NVD Advisory· Published May 15, 2026

CVE-2021-47965

Description

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.

Affected products

WordPress/Wp Super Editreferences
Package: https://wordpress.org/plugins/wp-super-edit

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wordpress.orgnvd
wordpress.org/plugins/wp-super-edit/nvd
www.exploit-db.com/exploits/49839nvd
www.vulncheck.com/advisories/wordpress-plugin-wp-super-edit-unrestricted-file-uploadnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000