🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal (Requesting wp-config.php) firewall rule

524,592

Attacks Blocked in Past 24 Hours

Showing 181-200 of 225 Vulnerabilities

Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal

5.3

CVE-2017-15079

Sep 21, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Swim Team < 1.45.1085 - Directory Traversal

5.3

CVE-2015-5471

Jul 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

PayPal Currency Converter BASIC for WooCommerce <= 1.3 - Path Traversal to Arbitrary File Read

5.3

CVE-2015-5065

Jun 10, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Easy2map-photos <= 1.0.9 - Path Traversal

5.3

CVE-2015-4617

Jun 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Aspose Cloud eBook Generator <= 1.0 - Directory Traversal

5.3

CVE ID Unknown

Mar 27, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tom M8te <= 1.5.3 - Directory Traversal

5.3

CVE-2014-5187

Sep 27, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Last.fm Rotation <= 1.0 - Directory Traversal

5.3

CVE-2014-5181

May 28, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ripe HD FLV <= 1.1 - Full Path Disclosure

5.3

CVE ID Unknown

Jan 20, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Eshop Magic < 0.2 - Arbitrary File Read

5.3

CVE ID Unknown

Oct 12, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Wp-ImageZoom < 1.0.5 - Directory Traversal

5.3

CVE ID Unknown

Jun 18, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

myEASYbackup < 1.0.9 - Directory Traversal

5.3

CVE-2012-0898

Jan 16, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

DMSGuestbook <= 1.8.0 - Directory Traversal

5.3

CVE-2008-0615

Feb 2, 2008

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WordPress Shortcodes Plugin — Shortcodes Ultimate < 4.10.0 - Directory Traversal

5.0

CVE-2017-2245

Jun 23, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure

4.9

CVE ID Unknown

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download

4.9

CVE-2022-3762

Oct 31, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Download Manager <= 3.2.54 - Authenticated (Admin+) Path Traversal

4.9

CVE-2022-2926

Sep 5, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Infinite Scroll – Ajax Load More <= 5.5.4 - Authenticated (Admin+) Arbitrary File Read via Directory Traversal

4.9

CVE ID Unknown

Aug 31, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal

4.9

CVE-2022-2945

Aug 22, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Read

4.9

CVE-2022-35235

Aug 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

GiveWP <= 2.20.2 - Authenticated Arbitrary File Read

4.9

CVE-2022-31475

Jul 12, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal	CVE-2017-15079	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 21, 2017
Swim Team < 1.45.1085 - Directory Traversal	CVE-2015-5471	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 8, 2015
PayPal Currency Converter BASIC for WooCommerce <= 1.3 - Path Traversal to Arbitrary File Read	CVE-2015-5065	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 10, 2015
Easy2map-photos <= 1.0.9 - Path Traversal	CVE-2015-4617	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	June 8, 2015
Aspose Cloud eBook Generator <= 1.0 - Directory Traversal		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 27, 2015
Tom M8te <= 1.5.3 - Directory Traversal	CVE-2014-5187	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 27, 2014
Last.fm Rotation <= 1.0 - Directory Traversal	CVE-2014-5181	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 28, 2014
Ripe HD FLV <= 1.1 - Full Path Disclosure		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 20, 2013
Eshop Magic < 0.2 - Arbitrary File Read		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 12, 2012
Wp-ImageZoom < 1.0.5 - Directory Traversal		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 18, 2012
myEASYbackup < 1.0.9 - Directory Traversal	CVE-2012-0898	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 16, 2012
DMSGuestbook <= 1.8.0 - Directory Traversal	CVE-2008-0615	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 2, 2008
WordPress Shortcodes Plugin — Shortcodes Ultimate < 4.10.0 - Directory Traversal	CVE-2017-2245	5.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N	June 23, 2017
Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure		4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	November 1, 2022
Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download	CVE-2022-3762	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	October 31, 2022
Download Manager <= 3.2.54 - Authenticated (Admin+) Path Traversal	CVE-2022-2926	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	September 5, 2022
Infinite Scroll – Ajax Load More <= 5.5.4 - Authenticated (Admin+) Arbitrary File Read via Directory Traversal		4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	August 31, 2022
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal	CVE-2022-2945	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	August 22, 2022
WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Read	CVE-2022-35235	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	August 9, 2022
GiveWP <= 2.20.2 - Authenticated Arbitrary File Read	CVE-2022-31475	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	July 12, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation