🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal (Requesting wp-config.php) firewall rule

478,725

Attacks Blocked in Past 24 Hours

Showing 81-100 of 225 Vulnerabilities

Enable Media Replace <= 3.6.3 - Authenticated (Administrator+) Path Traversal

6.8

CVE-2022-2554

Sep 14, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

WooCommerce <= 6.2.0 - Path Traversal via Tax Importer

7.2

CVE ID Unknown

Feb 22, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WooCommerce <= 3.4.5 - WooCommerce File Deletion

7.2

CVE-2018-20714

Nov 6, 2018

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Advanced Access Manager <= 2.8.2 - Arbitrary File Overwrite

7.2

CVE-2014-6059

Aug 20, 2014

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 3.1.0 - Arbitrary File Deletion

7.2

CVE ID Unknown

Dec 24, 2012

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery

7.5

CVE-2022-2633

Aug 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Team - WordPress Team Member Showcase Plugin <= 4.1.1 - Directory Traversal to Arbitrary File Read/Deletion

7.5

CVE-2022-2557

Jul 29, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read

7.5

CVE-2022-33901

Jul 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WSM Downloader <= 1.4.0 - Arbitrary File Download

7.5

CVE-2022-2357

Jul 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Moment.js <= 2.29.1 - Directory Traversal

7.5

CVE ID Unknown

Apr 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Narnoo Distributor <= 2.5.1 - Path Traversal

7.5

CVE-2022-0679

Mar 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read

7.5

CVE-2021-39312

Dec 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal

7.5

CVE-2021-39316

Aug 30, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Video Downloader for TikTok < 1.4 - Directory Traversal

7.5

CVE-2020-24143

Apr 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization

7.5

CVE-2020-36696

Aug 3, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Duplicator < 1.3.28 - Directory Traversal

7.5

CVE-2020-11738

Feb 28, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion

7.5

CVE-2019-16902

Oct 11, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Adaptive Images for WordPress <= 0.6.66 - Arbitrary File Deletion

7.5

CVE-2019-14206

Jul 19, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Ad Inserter <= 2.4.19 - Authenticated Path Traversal

7.5

CVE-2019-15323

Jul 12, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Import and export users and customers <= 1.14.2.1 - Directory Traversal

7.5

CVE-2019-15326

Jun 20, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Title	CVE ID	CVSS	Vector	Date
Enable Media Replace <= 3.6.3 - Authenticated (Administrator+) Path Traversal	CVE-2022-2554	6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N	September 14, 2022
WooCommerce <= 6.2.0 - Path Traversal via Tax Importer		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 22, 2022
WooCommerce <= 3.4.5 - WooCommerce File Deletion	CVE-2018-20714	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 6, 2018
Advanced Access Manager <= 2.8.2 - Arbitrary File Overwrite	CVE-2014-6059	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 20, 2014
Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 3.1.0 - Arbitrary File Deletion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 24, 2012
All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery	CVE-2022-2633	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 17, 2022
Team - WordPress Team Member Showcase Plugin <= 4.1.1 - Directory Traversal to Arbitrary File Read/Deletion	CVE-2022-2557	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	July 29, 2022
MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read	CVE-2022-33901	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 18, 2022
WSM Downloader <= 1.4.0 - Arbitrary File Download	CVE-2022-2357	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 12, 2022
Moment.js <= 2.29.1 - Directory Traversal		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	April 5, 2022
Narnoo Distributor <= 2.5.1 - Path Traversal	CVE-2022-0679	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	March 1, 2022
True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read	CVE-2021-39312	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 13, 2021
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal	CVE-2021-39316	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 30, 2021
Video Downloader for TikTok < 1.4 - Directory Traversal	CVE-2020-24143	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 13, 2021
Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization	CVE-2020-36696	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 3, 2020
Duplicator < 1.3.28 - Directory Traversal	CVE-2020-11738	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	February 28, 2020
ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion	CVE-2019-16902	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	October 11, 2019
Adaptive Images for WordPress <= 0.6.66 - Arbitrary File Deletion	CVE-2019-14206	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	July 19, 2019
Ad Inserter <= 2.4.19 - Authenticated Path Traversal	CVE-2019-15323	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 12, 2019
Import and export users and customers <= 1.14.2.1 - Directory Traversal	CVE-2019-15326	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	June 20, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation