The Theme Editor plugin (https://en-gb.wordpress.org/plugins/visualizer/), which allows you to edit theme files, create folders and more, and has 30,000+ installs, has been identified as having multiple security flaws in version 2.1 and lower.
These vulnerabilities were reported by WebArxSecurity (details can be found here: https://www.webarxsecurity.com/wordpress-theme-editor-plugin-multiple-vulnerabilities/). The author released a fixed version (2.2) on Sept 30th.
Recommendation
Our recommendation is to update to version 2.2 immediately.
Users of FullWorks Security will have been automatically notified of this vulnerability during their code scan.
If you are not a user of FullWorks Security, you can sign up for a free 30 day trial.
Or you can sign up to our free newsletter below.