🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal (Requesting wp-config.php) firewall rule

557,589

Attacks Blocked in Past 24 Hours

Showing 21-40 of 225 Vulnerabilities

Image Export < 1.1.1 - Path Traversal

9.1

CVE-2015-5609

Jul 1, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Formcraft (Unknown Versions) - Arbitrary File Deletion

9.1

CVE ID Unknown

Sep 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

DejaVu <= 2.4 - Arbitrary File Download

9.1

CVE ID Unknown

Dec 17, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Method <= 2.1 - Arbitrary File Deletion

9.1

CVE ID Unknown

Dec 17, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion

8.8

CVE-2022-2431

Jul 27, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP-DBManager <= 2.79.1 - Directory Traversal Allowing Arbitrary File Deletion

8.7

CVE ID Unknown

Oct 22, 2018

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Media File Organizer <= 1.0.1 - Directory Traversal

8.6

CVE-2020-24144

Apr 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Simple File List <= 3.2.4 - Arbitrary File Deletion

8.6

CVE ID Unknown

May 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Zip Attachments <= 1.5 - Directory Traversal

8.6

CVE-2015-4694

Jun 12, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion

8.1

CVE-2022-4030

Nov 29, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service

8.1

CVE-2020-24146

Apr 13, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery

7.5

CVE-2022-2633

Aug 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Team - WordPress Team Member Showcase Plugin <= 4.1.1 - Directory Traversal to Arbitrary File Read/Deletion

7.5

CVE-2022-2557

Jul 29, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read

7.5

CVE-2022-33901

Jul 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WSM Downloader <= 1.4.0 - Arbitrary File Download

7.5

CVE-2022-2357

Jul 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Moment.js <= 2.29.1 - Directory Traversal

7.5

CVE ID Unknown

Apr 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Narnoo Distributor <= 2.5.1 - Path Traversal

7.5

CVE-2022-0679

Mar 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read

7.5

CVE-2021-39312

Dec 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal

7.5

CVE-2021-39316

Aug 30, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Video Downloader for TikTok < 1.4 - Directory Traversal

7.5

CVE-2020-24143

Apr 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Image Export < 1.1.1 - Path Traversal	CVE-2015-5609	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	July 1, 2015
Formcraft (Unknown Versions) - Arbitrary File Deletion		9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	September 17, 2014
DejaVu <= 2.4 - Arbitrary File Download		9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	December 17, 2013
Method <= 2.1 - Arbitrary File Deletion		9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	December 17, 2013
Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion	CVE-2022-2431	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 27, 2022
WP-DBManager <= 2.79.1 - Directory Traversal Allowing Arbitrary File Deletion		8.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H	October 22, 2018
Media File Organizer <= 1.0.1 - Directory Traversal	CVE-2020-24144	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	April 13, 2021
Simple File List <= 3.2.4 - Arbitrary File Deletion		8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N	May 23, 2019
Zip Attachments <= 1.5 - Directory Traversal	CVE-2015-4694	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	June 12, 2015
Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion	CVE-2022-4030	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	November 29, 2022
CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service	CVE-2020-24146	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	April 13, 2021
All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery	CVE-2022-2633	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 17, 2022
Team - WordPress Team Member Showcase Plugin <= 4.1.1 - Directory Traversal to Arbitrary File Read/Deletion	CVE-2022-2557	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	July 29, 2022
MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read	CVE-2022-33901	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 18, 2022
WSM Downloader <= 1.4.0 - Arbitrary File Download	CVE-2022-2357	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 12, 2022
Moment.js <= 2.29.1 - Directory Traversal		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	April 5, 2022
Narnoo Distributor <= 2.5.1 - Path Traversal	CVE-2022-0679	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	March 1, 2022
True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read	CVE-2021-39312	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 13, 2021
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal	CVE-2021-39316	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 30, 2021
Video Downloader for TikTok < 1.4 - Directory Traversal	CVE-2020-24143	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 13, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation