WordPress · WP Super Edit · CVE-2021-47965
**Name of the Vulnerable Software and Affected Versions**
WP Super Edit versions 2.5.4 and earlier
**Description**
The FCKeditor component contains an unrestricted file upload flaw. Attackers can upload arbitrary and dangerous file types without validation through the 'filemanager upload' endpoint, which can lead to remote code execution and complete system compromise.
**Recommendations**
Update to a version later than 2.5.4.
As a temporary workaround, restrict access to the 'filemanager upload' endpoint to minimize the risk of exploitation.