CVE-2021-47965
CriticalSummary
The WordPress Plugin WP Super Edit version 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component, allowing attackers to upload dangerous file types without validation.
Risk Assessment
Attackers can upload arbitrary files through the filemanager upload endpoint, leading to remote code execution and complete system compromise.
Recommendation
It is recommended to update the WP Super Edit plugin to the latest version to mitigate this vulnerability and implement additional security measures regarding file uploads.
Original NVD description (English source)
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.

