CVE-2021-47965
WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload
Vexday Risk Score
48Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.3EPSS 0.6%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
15 may 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
wp-super-edit · WP Super EditPoCs públicas encontradas — 1
cve_referencewww.exploit-db.com/exploits/49839no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.