PT-2018-18062 · Unknown · Site Editor
Nicolas Buzy-Debat
Published 2018-03-19 · Updated 2020-08-24
CVE-2018-7422
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Site Editor plugin versions prior to 1.2.0
Description
A Local File Inclusion issue allows remote attackers to retrieve arbitrary files via the ajax_path parameter to "editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php". This is an example of absolute path traversal.
Recommendations
For Site Editor plugin versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php" file until a patch is available. Avoid using the ajax_path parameter in the affected endpoint until the issue is resolved.
Exploit
Fix
Path traversal
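To check whether the affected endpoint has been requested with the ajax_path parameter, for instance while the access restriction is being rolled out, web server access logs can be scanned as follows. This is an added example, not part of the advisory or the plugin; the combined log format, the /plugins/example/ prefix and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint path and parameter named in the advisory.
ENDPOINT = "editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"
PARAM = "ajax_path"

# Assumption: combined-format access log; captures client, request target, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def find_hits(lines):
    """Return (client, status, ajax_path value) for every logged request to
    the affected endpoint that carries the parameter in its query string."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        # Decode %-escapes and collapse repeated slashes before matching, so
        # an encoded or padded path is compared in its normal form.
        path = re.sub(r"/{2,}", "/", unquote(url.path)).lower()
        if not path.endswith("/" + ENDPOINT):
            continue
        # parse_qs decodes names and values; a parameter sent in a POST body
        # is not visible in an access log and needs WAF or application logs.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            hits.append((m.group("ip"), int(m.group("status")), value))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical prefix).
BASE = "/plugins/example/editor/extensions/pagebuilder/includes/"
TS = "[19/Mar/2018:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /index.php HTTP/1.1" 200 5120',
    f'198.51.100.7 - - {TS} "GET {BASE}ajax_shortcode_pattern.php'
    f'?ajax_path=%2Fpath%2Fto%2Ffile HTTP/1.1" 200 1833',
    f'198.51.100.7 - - {TS} "GET {BASE}ajax%5Fshortcode%5Fpattern.php'
    f'?x=1&ajax_path=/path/to/other HTTP/1.1" 403 199',
    f'192.0.2.10 - - {TS} "GET {BASE}ajax_shortcode_pattern.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, status, value in find_hits(SAMPLE_LOG):
        print(f"{client} status={status} {PARAM}={value!r}")
```

A hit with status 200 means the request was served and the host should be reviewed; a 403 indicates the access restriction is answering the request.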
Affected products
Site Editor