CVE-2018-7422

HIGH · EXPLOITED IN THE WILD · NUCLEI

Site Editor < 1.1.1 - Local File Inclusion via ajax_path Parameter

Title source: llm

Exploitation Summary

CVE-2018-7422 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 5 public exploits from researchers including Nicolas Buzy-Debat, JacobEbben, ndr-repo. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the Site Editor WordPress plugin (version 1.1.1). The ajax_path parameter in ajax_shortcode_pattern.php is unsanitized, allowing remote attackers to include arbitrary files via a crafted request.

Description

A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Nicolas Buzy-Debat · textwebappsphp
https://www.exploit-db.com/exploits/44340

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the Site Editor WordPress plugin (version 1.1.1). The ajax_path parameter in ajax_shortcode_pattern.php is unsanitized, allowing remote attackers to include arbitrary files via a crafted request.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Site Editor WordPress Plugin <= 1.1.1
No auth needed
Prerequisites: WordPress with vulnerable Site Editor plugin installed
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 2 stars
by JacobEbben · infoleak
https://github.com/JacobEbben/CVE-2018-7422

This is a functional exploit for CVE-2018-7422, a Local File Inclusion (LFI) vulnerability in the WordPress Plugin Site Editor 1.1.1. The script crafts a malicious request to read arbitrary files from the target system via a vulnerable AJAX endpoint.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin Site Editor 1.1.1
No auth needed
Prerequisites: Target must have the vulnerable WordPress Plugin Site Editor 1.1.1 installed · Target must be accessible via HTTP/HTTPS
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 1 star
by ndr-repo · infoleak
https://github.com/ndr-repo/CVE-2018-7422

This is a functional exploit PoC for CVE-2018-7422, a Local File Inclusion (LFI) vulnerability in the WordPress Plugin Site Editor 1.1.1. It crafts a malicious HTTP request to read arbitrary files from the target system via a vulnerable AJAX endpoint.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin Site Editor 1.1.1
No auth needed
Prerequisites: Target must have the vulnerable WordPress Plugin Site Editor 1.1.1 installed · Target endpoint must be accessible
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 1 star
by 0x00-0x00 · remote
https://github.com/0x00-0x00/CVE-2018-7422

This PowerShell script exploits a Local File Inclusion (LFI) vulnerability in the WordPress Site-Editor plugin (v1.1.1) by sending a crafted HTTP request to retrieve arbitrary files from the server. The exploit leverages unsanitized user input in the 'ajax_path' parameter.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin: Site-Editor v1.1.1
No auth needed
Prerequisites: Target WordPress site with vulnerable Site-Editor plugin installed · Network access to the target
devstral-2 · analyzed Feb 16, 2026
nomisec SCANNER
by nguyenduytoi · infoleak
https://github.com/nguyenduytoi/CVE-2018-7422

This repository contains a Nuclei template for detecting CVE-2018-7422, an unauthenticated arbitrary file read vulnerability in the WordPress Site Editor plugin. The template sends a crafted GET request to read /etc/passwd and checks for a successful response.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WordPress Site Editor plugin
No auth needed
Prerequisites: WordPress Site Editor plugin installed and accessible
devstral-2 · analyzed Mar 23, 2026

Nuclei Templates (1)

WordPress Site Editor <=1.1.1 - Local File Inclusion
HIGH · by LuskaBol, 0x240x23elu

References (3)

Core References (3)
Exploit, Mailing List, Third Party Advisory (x_refsource_misc): http://seclists.org/fulldisclosure/2018/Mar/40
Exploit, Third Party Advisory, VDB Entry (x_refsource_exploit-db): https://www.exploit-db.com/exploits/44340/
Third Party Advisory (x_refsource_misc): https://wpvulndb.com/vulnerabilities/9044

Scores

CVSS v3 7.5
EPSS 0.8961
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2021-04-12
InTheWild.io 2021-04-12
CWE
CWE-22, CWE-829
Status published
Products (1)
siteeditor/site_editor < 1.1.1
Published Mar 19, 2018
Tracked Since Feb 18, 2026