Vulnerabilities protected by our Directory Traversal firewall rule

1,679,644
Attacks Blocked in Past 24 Hours

Showing 1-20 of 245 vulnerabilities

Title CVE ID CVSS Vector Date
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal CVE-2023-4274 8.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H September 22, 2023
Orders Tracking for WooCommerce <= 1.2.5 - Authenticated (Administrator+) Directory Traversal via 'file_url' CVE-2023-4216 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N August 14, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal CVE-2023-2688 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N May 23, 2023
Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter CVE-2023-33310 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N May 22, 2023
WordPress Core < 6.2.1 - Directory Traversal CVE-2023-2745 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N May 16, 2023
MW WP Form <= 4.4.2 - Directory Traversal via _file_upload CVE-2023-28409 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 8, 2023
Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont CVE-2023-28413 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 8, 2023
JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane CVE-2023-32110 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N May 3, 2023
Image Optimizer by 10web <= 1.0.26 - Authenticated(Administator+) Directory Traversal CVE-2023-2117 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N May 2, 2023
Image Optimizer by 10web <= 1.0.25 - Directory Traversal to Information Exposure 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N April 19, 2023
Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal CVE-2023-1427 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N March 21, 2023
Hummingbird <= 3.4.1 - Unauthenticated Path Traversal CVE-2023-1478 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 20, 2023
GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal CVE-2023-23872 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N February 23, 2023
WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal CVE-2022-47595 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N January 20, 2023
Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download CVE-2022-4298 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N December 12, 2022
Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read CVE-2022-4236 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 5, 2022
Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization CVE-2022-4237 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 5, 2022
Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Directory Traversal CVE-2022-45833 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N November 30, 2022
Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read CVE-2022-4140 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N November 30, 2022
Simple:Press <= 6.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Modification CVE-2022-4031 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L November 29, 2022

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation