CVE-2021-47965

CRITICAL 9.8

WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.

CWE	CWE-434
Vendor	wp-super-edit
Product	wp super edit
Published	May 15, 2026
Last Updated	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for wp-super-edit wp super edit

Be the first to know when new critical vulnerabilities affecting wp-super-edit wp super edit are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

wp-super-edit / WP Super Edit

2.5.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49839 wordpress.org: https://wordpress.org wordpress.org: https://wordpress.org/plugins/wp-super-edit/ vulncheck.com: https://www.vulncheck.com/advisories/wordpress-plugin-wp-super-edit-unrestricted-file-upload

Credits

h4shur