VYPR

Theme Editor

by WordPress

Source repositories

CVEs (5)

  • CVE-2026-39640CriApr 8, 2026
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2.

  • CVE-2025-9890HigOct 18, 2025
    risk 0.57cvss 8.8epss 0.00

    The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'theme_editor_theme' page. This makes it possible for unauthenticated attackers to achieve…

  • CVE-2023-6091HigMar 26, 2024
    risk 0.47cvss 7.2epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through 2.7.1.

  • CVE-2022-2440Aug 29, 2024
    risk 0.00cvss epss 0.01

    The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper…

  • CVE-2021-24154Apr 5, 2021
    risk 0.00cvss epss 0.01

    The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd