What is CVE-2025-3294 — Directory Traversal in WP Editor?

CVE-2025-3294 is a Directory Traversal vulnerability in the WP Editor WordPress plugin, allowing authenticated attackers to overwrite files.

Am I affected by CVE-2025-3294 in WP Editor?

If you are using the WP Editor plugin in WordPress versions 0.0.0–1.2.9.1, you are potentially affected by this vulnerability.

How do I fix CVE-2025-3294 in WP Editor?

Upgrade the WP Editor plugin to the latest available version as soon as a patch is released by the plugin developer. Until then, restrict file upload permissions.

Is CVE-2025-3294 being actively exploited?

There is no confirmed active exploitation of CVE-2025-3294 at this time, but the vulnerability's nature makes it a potential target.

Where can I find the official WP Editor advisory for CVE-2025-3294?

Refer to the plugin developer's website or the WordPress plugin repository for official advisories and updates regarding CVE-2025-3294.

CVE-2025-3294 — Vulnerability Details

NEXTGUARD

Gratis scannen

CVE-2025-3294 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• wordpress / composer / npm:

grep -r "wp-content/plugins/wp-editor/includes/file-handler.php" /var/www/html/

• wordpress / composer / npm:

wp plugin list --status=inactive | grep wp-editor

• wordpress / composer / npm:

wp plugin list | grep wp-editor

WP Editor <= 1.2.9.1 - Authentiek (Administrator+) Directory Traversal naar Willekeurige Bestand Update

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpenwordt vertaald…

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2025-3294 — Directory Traversal in WP Editor?

Am I affected by CVE-2025-3294 in WP Editor?

How do I fix CVE-2025-3294 in WP Editor?

Is CVE-2025-3294 being actively exploited?

Where can I find the official WP Editor advisory for CVE-2025-3294?

Pakketinformatie

Is jouw project getroffen?

Detecteer deze CVE in je project