Vulnerabilities protected by our Directory Traversal firewall rule

Title	CVE ID	CVSS	Vector	Date
Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal		4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N	March 21, 2023
GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal	CVE-2023-23872	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	February 23, 2023
WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal	CVE-2022-47595	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	January 20, 2023
Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download	CVE-2022-4298	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 12, 2022
Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization	CVE-2022-4237	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	December 5, 2022
Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read	CVE-2022-4236	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	December 5, 2022
Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Directory Traversal	CVE-2022-45833	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N	November 30, 2022
Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read	CVE-2022-4140	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	November 30, 2022
Simple:Press <= 6.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Modification	CVE-2022-4031	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L	November 29, 2022
Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion	CVE-2022-4030	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	November 29, 2022
Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure		4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	November 1, 2022
Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download	CVE-2022-3762	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	October 31, 2022
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Directory Traversal	CVE-2022-2445	4.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L	October 28, 2022
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes	CVE-2022-3361	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	October 28, 2022
Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download	CVE-2022-3762	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N	October 27, 2022
Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload via Path Traversal	CVE-2022-2711	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N	October 17, 2022
Contact Form by WPForms <= 1.7.5.3 - Authenticated (Administrator+) Arbitrary File Access via Path Traversal		6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N	September 19, 2022
Enable Media Replace <= 3.6.3 - Authenticated (Administrator+) Path Traversal	CVE-2022-2554	6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N	September 14, 2022
Download Manager <= 3.2.54 - Authenticated (Admin+) Path Traversal	CVE-2022-2926	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	September 5, 2022
Welcart e-Commerce 2.6.0-2.7.7 - Information Disclosure via Arbitrary File Read	CVE-2022-41840	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 2, 2022

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation