PT-2021-15699 · WordPress · Theme Editor
Nguyen Van Khanh
·
Published
2021-04-05
·
Updated
2021-04-19
·
CVE-2021-24154
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Theme Editor WordPress plugin versions prior to 2.6
Description:
The issue allows administrators to download arbitrary files on the web server, such as /etc/passwd, due to a lack of validation of the GET file parameter before it is passed to the download file() function.
Recommendations:
For Theme Editor WordPress plugin versions prior to 2.6, update to version 2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the download file() function until a patch is available. Avoid using the
file parameter in affected API endpoints until the issue is resolved.Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Theme Editor