{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/wp-editor-plugin--1.2.9.2/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-3772"}],"_cs_exploited":false,"_cs_products":["WP Editor plugin \u003c= 1.2.9.2"],"_cs_severities":["high"],"_cs_tags":["csrf","wordpress","plugin","vulnerability"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe WP Editor plugin, a WordPress plugin, contains a Cross-Site Request Forgery (CSRF) vulnerability affecting versions up to and including 1.2.9.2. This vulnerability stems from a lack of nonce verification in the \u0026lsquo;add_plugins_page\u0026rsquo; and \u0026lsquo;add_themes_page\u0026rsquo; functions. An unauthenticated attacker can exploit this vulnerability by crafting a malicious request designed to overwrite arbitrary plugin and theme PHP files with attacker-controlled code. The success of this attack hinges on the attacker\u0026rsquo;s ability to deceive a site administrator into triggering the forged request, typically by clicking a specially crafted link. This flaw allows for potential arbitrary code execution on the targeted WordPress site.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable WordPress site running a WP Editor plugin version \u0026lt;= 1.2.9.2.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u0026lsquo;add_plugins_page\u0026rsquo; or \u0026lsquo;add_themes_page\u0026rsquo; functions. This request includes parameters designed to overwrite a specific plugin or theme PHP file with attacker-supplied code.\u003c/li\u003e\n\u003cli\u003eThe attacker social engineers a WordPress administrator into clicking a malicious link or visiting a compromised website containing the forged request. This could be achieved via phishing emails or other deceptive techniques.\u003c/li\u003e\n\u003cli\u003eIf the administrator is logged into the WordPress dashboard, their browser automatically sends the forged request to the vulnerable WordPress site.\u003c/li\u003e\n\u003cli\u003eDue to the missing nonce verification, the WordPress site processes the request without validating its origin.\u003c/li\u003e\n\u003cli\u003eThe target plugin or theme PHP file is overwritten with the attacker\u0026rsquo;s malicious code.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s code is executed when the plugin or theme is loaded or accessed.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution on the WordPress server, potentially leading to complete site compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this CSRF vulnerability allows an unauthenticated attacker to inject arbitrary PHP code into a WordPress website. This can lead to a full compromise of the website, including data theft, defacement, or the installation of backdoors for persistent access. Given the widespread use of WordPress and the WP Editor plugin, a large number of websites are potentially at risk. Successful attacks can result in significant reputational damage and financial losses for affected website owners.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the WP Editor plugin to the latest available version, which includes a fix for CVE-2026-3772.\u003c/li\u003e\n\u003cli\u003eImplement strong CSRF protection measures on all WordPress forms and administrative functions.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect attempts to exploit this vulnerability through suspicious requests to the \u003ccode\u003eadd_plugins_page\u003c/code\u003e or \u003ccode\u003eadd_themes_page\u003c/code\u003e endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-01T12:16:16Z","date_published":"2026-05-01T12:16:16Z","id":"/briefs/2024-01-wp-editor-csrf/","summary":"The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to 1.2.9.2, allowing unauthenticated attackers to overwrite arbitrary plugin and theme PHP files with malicious code by tricking a site administrator into clicking a link.","title":"WP Editor Plugin CSRF Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-wp-editor-csrf/"}],"language":"en","title":"CraftedSignal Threat Feed — WP Editor Plugin \u003c= 1.2.9.2","version":"https://jsonfeed.org/version/1.1"}