🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal firewall rule

1,800,576

Attacks Blocked in Past 24 Hours

Showing 201-220 of 279 Vulnerabilities

Urban City (All Versions) - Arbitrary File Download

6.2

CVE ID Unknown

Sep 8, 2014

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Backup and Restore plugin – WordPress <= 1.0.3 - Authenticated (Admin+) Arbitrary File Deletion

5.5

CVE ID Unknown

Nov 8, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Skippy WP-DB Backup (Legacy Plugin) <= 1.7 - Authenticated (Admin+) Directory Traversal

5.5

CVE-2006-4208

Aug 14, 2006

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

WP Recipe Maker <= 9.1.0 - Directory Traversal

5.4

CVE-2024-0380

Jan 17, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

WordPress Core < 6.2.1 - Directory Traversal

5.4

CVE-2023-2745

May 16, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion

5.4

CVE-2022-1953

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

BP Group Documents <= 1.2.1 - Path Traversal

5.4

CVE ID Unknown

Oct 4, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont

5.3

CVE-2023-28413

May 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

MW WP Form <= 4.4.2 - Directory Traversal via _file_upload

5.3

CVE-2023-28409

May 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Hummingbird <= 3.4.1 - Unauthenticated Path Traversal

5.3

CVE-2023-1478

Mar 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Media File Manager <= 1.4.2 - Directory Traversal to Directory Listing

5.3

CVE-2018-19040

May 11, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Read

5.3

CVE-2018-19043

May 11, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal

5.3

CVE-2017-15079

Sep 21, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Swim Team < 1.45.1085 - Directory Traversal

5.3

CVE-2015-5471

Jul 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

PayPal Currency Converter BASIC for WooCommerce <= 1.3 - Path Traversal to Arbitrary File Read

5.3

CVE-2015-5065

Jun 10, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Easy2map-photos <= 1.0.9 - Path Traversal

5.3

CVE-2015-4617

Jun 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Aspose Cloud eBook Generator <= 1.0 - Directory Traversal

5.3

CVE ID Unknown

Mar 27, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tom M8te <= 1.5.3 - Directory Traversal

5.3

CVE-2014-5187

Sep 27, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Last.fm Rotation <= 1.0 - Directory Traversal

5.3

CVE-2014-5181

May 28, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ripe HD FLV <= 1.1 - Full Path Disclosure

5.3

CVE ID Unknown

Jan 20, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Urban City (All Versions) - Arbitrary File Download		6.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 8, 2014
Backup and Restore plugin – WordPress <= 1.0.3 - Authenticated (Admin+) Arbitrary File Deletion		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H	November 8, 2021
Skippy WP-DB Backup (Legacy Plugin) <= 1.7 - Authenticated (Admin+) Directory Traversal	CVE-2006-4208	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N	August 14, 2006
WP Recipe Maker <= 9.1.0 - Directory Traversal	CVE-2024-0380	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	January 17, 2024
WordPress Core < 6.2.1 - Directory Traversal	CVE-2023-2745	5.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N	May 16, 2023
Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion	CVE-2022-1953	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	June 1, 2022
BP Group Documents <= 1.2.1 - Path Traversal		5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	October 4, 2013
Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont	CVE-2023-28413	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 8, 2023
MW WP Form <= 4.4.2 - Directory Traversal via _file_upload	CVE-2023-28409	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 8, 2023
Hummingbird <= 3.4.1 - Unauthenticated Path Traversal	CVE-2023-1478	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 20, 2023
Media File Manager <= 1.4.2 - Directory Traversal to Directory Listing	CVE-2018-19040	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 11, 2018
Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Read	CVE-2018-19043	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 11, 2018
Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal	CVE-2017-15079	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 21, 2017
Swim Team < 1.45.1085 - Directory Traversal	CVE-2015-5471	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 8, 2015
PayPal Currency Converter BASIC for WooCommerce <= 1.3 - Path Traversal to Arbitrary File Read	CVE-2015-5065	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 10, 2015
Easy2map-photos <= 1.0.9 - Path Traversal	CVE-2015-4617	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	June 8, 2015
Aspose Cloud eBook Generator <= 1.0 - Directory Traversal		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 27, 2015
Tom M8te <= 1.5.3 - Directory Traversal	CVE-2014-5187	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 27, 2014
Last.fm Rotation <= 1.0 - Directory Traversal	CVE-2014-5181	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 28, 2014
Ripe HD FLV <= 1.1 - Full Path Disclosure		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 20, 2013

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation