🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal firewall rule

1,901,146

Attacks Blocked in Past 24 Hours

Showing 21-40 of 278 Vulnerabilities

Ultimate Addons for Beaver Builder <= 1.35.13 - Authenticated(Contributor+) Directory Traversal to Arbitrary File Download

4.3

CVE-2023-51401

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal

4.1

CVE-2023-6120

Dec 8, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

WP Mail Log <= 1.1.2 - Authenticated (Contributor+) Arbitrary File Read

6.5

CVE-2023-5672

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal

8.7

CVE-2023-5504

Nov 22, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Quttera Web Malware Scanner <= 3.4.1.48 - Authenticated (Administrator+) Directory Traversal via ShowFile

6.8

CVE-2023-6222

Nov 21, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion

6.5

CVE-2023-47843

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

File Manager <= 6.3 - Authenticated (Admin+) Arbitrary OS File Access via Path Traversal

2.2

CVE-2023-5907

Nov 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal

9.1

CVE-2023-5105

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Mmm Simple File List <= 2.3 - Authenticated (Subscriber+) Directory Traversal

8.8

CVE-2023-4297

Nov 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion

7.1

CVE-2023-46205

Oct 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode

6.3

CVE-2023-45652

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

9.1

CVE-2023-5414

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal

8.7

CVE-2023-4274

Sep 22, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Orders Tracking for WooCommerce <= 1.2.5 - Authenticated (Administrator+) Directory Traversal via 'file_url'

2.7

CVE-2023-4216

Aug 14, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal

4.9

CVE-2023-2688

May 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter

5.0

CVE-2023-33310

May 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

WordPress Core < 6.2.1 - Directory Traversal

5.4

CVE-2023-2745

May 16, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

MW WP Form <= 4.4.2 - Directory Traversal via _file_upload

5.3

CVE-2023-28409

May 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont

5.3

CVE-2023-28413

May 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane

8.1

CVE-2023-32110

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Title	CVE ID	CVSS	Vector	Date
Ultimate Addons for Beaver Builder <= 1.35.13 - Authenticated(Contributor+) Directory Traversal to Arbitrary File Download	CVE-2023-51401	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 26, 2023
Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal	CVE-2023-6120	4.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N	December 8, 2023
WP Mail Log <= 1.1.2 - Authenticated (Contributor+) Arbitrary File Read	CVE-2023-5672	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	November 28, 2023
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal	CVE-2023-5504	8.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H	November 22, 2023
Quttera Web Malware Scanner <= 3.4.1.48 - Authenticated (Administrator+) Directory Traversal via ShowFile	CVE-2023-6222	6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N	November 21, 2023
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion	CVE-2023-47843	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H	November 20, 2023
File Manager <= 6.3 - Authenticated (Admin+) Arbitrary OS File Access via Path Traversal	CVE-2023-5907	2.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N	November 20, 2023
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal	CVE-2023-5105	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	November 13, 2023
Mmm Simple File List <= 2.3 - Authenticated (Subscriber+) Directory Traversal	CVE-2023-4297	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 6, 2023
Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion	CVE-2023-46205	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N	October 19, 2023
Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode	CVE-2023-45652	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	October 12, 2023
Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read	CVE-2023-5414	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	October 11, 2023
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal	CVE-2023-4274	8.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H	September 22, 2023
Orders Tracking for WooCommerce <= 1.2.5 - Authenticated (Administrator+) Directory Traversal via 'file_url'	CVE-2023-4216	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N	August 14, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal	CVE-2023-2688	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	May 23, 2023
Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter	CVE-2023-33310	5.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N	May 22, 2023
WordPress Core < 6.2.1 - Directory Traversal	CVE-2023-2745	5.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N	May 16, 2023
MW WP Form <= 4.4.2 - Directory Traversal via _file_upload	CVE-2023-28409	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 8, 2023
Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont	CVE-2023-28413	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 8, 2023
JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane	CVE-2023-32110	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	May 3, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation