Medium severity4.9NVD Advisory· Published Apr 17, 2025· Updated Jun 17, 2026
CVE-2025-3295
CVE-2025-3295
Description
The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changesetnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/4618c1f4-c0aa-47f5-8c0b-2cb4a021f2e0nvdThird Party Advisory
News mentions
0No linked articles in our index yet.