Skip to content

Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload #12709

New issue
New issue
Open
Open
Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload#12709
Assignees
ritikchaddha
Labels
template-contributionNuclei template contribution
@0xr2r

Description

@0xr2r
0xr2r
opened on Jul 25, 2025

Is there an existing template for this?

  • I have searched the existing templates.

Nuclei Template

''

id: wordpress-wp-super-edit-file-upload

info:
  name: WordPress WP Super Edit File Upload
  author: 0xr2r
  severity: high
  description: |
    WordPress Plugin "wp-super-edit" allows attackers to upload or transfer files of dangerous types that can be automatically processed within the product's environment. This vulnerability is caused by FCKeditor in this plugin.
  tags: wordpress, file-upload
  reference:
    - https://wordpress.org/plugins/wp-super-edit/
    - https://www.exploit-db.com/exploits/49839
    - 

http:
  - raw:
      - |
        GET /wp-content/plugins/wp-super-edit/superedit/tinymce_plugins/mse/fckeditor/editor/filemanager/browser/default/browser.html HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: body
        words:
          - "FCKeditor"
          - "File Upload"
      - type: word
        part: header
        words:
          - "text/html"
''

Relevant dumped responses

### Note:

# 1. Technical Description:
This plugin allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement. It depends on what the application does with the uploaded file and especially where it is stored. 

# 2. Technical Description:
WordPress Plugin "wp-super-edit" allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. This vulnerability is caused by FCKeditor in this plugin. Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step. The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement. It depends on what the application does with the uploaded file and especially where it is stored.

### POC:

* Exploit 1 : site.com/wp-content/plugins/wp-super-edit/superedit/tinymce_plugins/mse/fckeditor/editor/filemanager/browser/default/browser.html

Anything else?

No response

Metadata

Metadata

Assignees

Labels

template-contributionNuclei template contribution

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions