CRITICAL
wp-super-edit
CVE published 2026-05-15
CVE-2021-47965
CVE-2021-47965 documents an unrestricted file upload vulnerability in the WordPress plugin WP Super Edit versions 2.5.4 and earlier. The vulnerability resides in the FCKeditor component, which fails to validate uploaded file types. Attackers can leverage the filemanager upload endpoint to upload arbitrary files, potentially achieving remote code execution and complete system compromise. The vulnerability [truncated]