What is CVE-2025-3294?

CVE-2025-3294 is a high-severity vulnerability in Benjaminprojas Wp Editor, classified under Path Traversal. CVSS score: 7.2/10. Published 2025-04-17.

How severe is CVE-2025-3294?

High severity. CVSS v3 base score is 7.2 out of 10.

Path Traversal in Benjaminprojas Wp Editor

CVE-2025-3294

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level acces…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.015 (81.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Benjaminprojas Wp Editor — versions 0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

www.wordfence.com/threat-intel/vulnerabilities/id/9298820e-3753-41b3-8ba6-9fb49…
plugins.trac.wordpress.org/changeset

Frequently asked questions

What is CVE-2025-3294?: CVE-2025-3294 is a high-severity vulnerability in Benjaminprojas Wp Editor, classified under Path Traversal. CVSS score: 7.2/10. Published 2025-04-17.
How severe is CVE-2025-3294?: High severity. CVSS v3 base score is 7.2 out of 10.