CVE-2021-47965

CRITICAL CVSS 9.8 View on NVD ↗

Description

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://wordpress.org
https://wordpress.org/plugins/wp-super-edit/
https://www.exploit-db.com/exploits/49839
https://www.vulncheck.com/advisories/wordpress-plugin-wp-super-edit-unrestricted-file-upload

Published: May 15, 2026 19:16 UTC Modified: May 15, 2026 19:16 UTC