CVE-2021-47965

WordPress · WP Super Edit

The WP Super Edit plugin for WordPress contains an unrestricted file upload vulnerability in the FCKeditor component, enabling remote code execution.

Executive summary

An unrestricted file upload vulnerability in the WordPress WP Super Edit plugin allows attackers to achieve remote code execution and full system compromise.

Vulnerability

The plugin's FCKeditor component lacks validation for uploaded file types, allowing an attacker to upload malicious scripts directly to the server.

Business impact

Successful exploitation allows an attacker to gain complete control over the WordPress site, leading to potential data exfiltration, malware distribution, and site defacement. The CVSS score of 9.8 places the issue in the Critical severity band, the highest level of risk.

Remediation

Immediate Action: Update WP Super Edit to the latest available version; if no patch is available, remove the plugin entirely.

Proactive Monitoring: Scan the WordPress uploads directory for suspicious files (e.g., .php, .phtml) and review server access logs for unusual POST requests.

Compensating Controls: Use security plugins to disable file uploads or enforce strict directory permissions that prevent script execution in upload folders.
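The uploads-directory scan recommended under Proactive Monitoring, written out as an added example (not code from the advisory or the plugin): it walks a WordPress uploads tree and flags files by executable extension, including double extensions such as `name.php.jpg`, and by a PHP open tag in the file content regardless of name. The extension list and the sample tree are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

# Extensions commonly mapped to the PHP handler (assumed list; extend to match your server config).
SCRIPT_EXTENSIONS = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar"}
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def is_suspicious(path):
    """Return the reasons a file is suspicious (empty list if it looks benign)."""
    reasons = []
    parts = os.path.basename(path).lower().split(".")
    # Flag a script extension anywhere after the first dot: catches shell.php.jpg-style names.
    if any("." + p in SCRIPT_EXTENSIONS for p in parts[1:]):
        reasons.append("script extension")
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)  # a PHP open tag near the start is enough to flag
    except OSError:
        return reasons
    if PHP_OPEN_TAG.search(head):
        reasons.append("php open tag in content")
    return reasons


def scan_uploads(root):
    """Walk the uploads tree; map each suspicious file's relative path to its reasons."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            reasons = is_suspicious(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


def build_sample_uploads():
    """Create a constructed uploads tree (benign and suspicious files) for demonstration."""
    root = tempfile.mkdtemp(prefix="wp-uploads-")
    os.makedirs(os.path.join(root, "2024", "05"))
    samples = {  # constructed sample contents, not real upload data
        "photo.jpg": b"\xff\xd8\xff\xe0 jpeg bytes",
        "shell.php": b"<?php echo 'hello'; ?>",
        "avatar.php.jpg": b"GIF89a",  # double extension, image content
        "notes.txt": b"<?php echo 'hidden'; ?>",  # benign name, PHP content
    }
    for name, data in samples.items():
        with open(os.path.join(root, "2024", "05", name), "wb") as fh:
            fh.write(data)
    return root
```

Run `scan_uploads("/path/to/wp-content/uploads")` against a real site and review every reported file; pair it with a web-server rule that refuses to execute scripts under the uploads path.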

Exploitation status

Public Exploit Available: false

Analyst recommendation

This is a critical vulnerability that directly facilitates remote code execution. Administrators are strongly advised to update or uninstall the vulnerable plugin immediately to secure the environment.