Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2021-47965: WordPress WP Super Edit allows attackers to upload malicious files
CVE-2021-47965
Summary
A security flaw in the WP Super Edit plugin for WordPress allows hackers to upload harmful files without being checked. This can lead to a hacker gaining control of your website or server. To fix this, update the WP Super Edit plugin to the latest version.
Original title
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validatio...
Original description
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-434
Unrestricted File Upload
Published: 15 May 2026 · Updated: 28 May 2026 · First seen: 15 May 2026