🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal firewall rule

2,786,314

Attacks Blocked in Past 24 Hours

Showing 101-120 of 278 Vulnerabilities

Media File Organizer <= 1.0.1 - Directory Traversal

8.6

CVE-2020-24144

Apr 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Video Downloader for TikTok < 1.4 - Directory Traversal

7.5

CVE-2020-24143

Apr 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Theme Editor <= 2.5 - Authenticated Arbitrary File Download

4.9

CVE-2021-24154

Feb 13, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization

7.5

CVE-2020-36696

Aug 3, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal

6.5

CVE-2020-36728

Jul 7, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Simple File List <= 4.2.7 - Arbitrary File Deletion

6.5

CVE-2020-12832

May 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution

9.8

CVE-2020-10564

Mar 13, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Duplicator < 1.3.28 - Directory Traversal

7.5

CVE-2020-11738

Feb 28, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion

7.5

CVE-2019-16902

Oct 11, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read

9.8

CVE ID Unknown

Sep 9, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ultimate Member <= 2.0.3 - Directory Traversal

4.3

CVE-2018-0586

Aug 12, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

WP Fastest Cache <= 0.8.9.5 - Directory Traversal

9.1

CVE-2019-13635

Jul 28, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

WPS Child Theme Generator < 1.2 - Directory Traversal

9.8

CVE-2019-15822

Jul 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Adaptive Images for WordPress <= 0.6.66 - Arbitrary File Deletion

7.5

CVE-2019-14206

Jul 19, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Ad Inserter <= 2.4.19 - Authenticated Path Traversal

7.5

CVE-2019-15323

Jul 12, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Insert or Embed Articulate Content into WordPress < 4.29991 - Directory Traversal

6.5

CVE-2019-15648

Jul 2, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Newsletters <= 4.6.18 - Directory Traversal

8.8

CVE-2019-14788

Jul 1, 2019

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Import and export users and customers <= 1.14.2.1 - Directory Traversal

7.5

CVE-2019-15326

Jun 20, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Simple File List <= 3.2.7 - Arbitrary File Download

7.5

CVE-2022-1119

May 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Simple File List <= 3.2.4 - Arbitrary File Deletion

8.6

CVE ID Unknown

May 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Title	CVE ID	CVSS	Vector	Date
Media File Organizer <= 1.0.1 - Directory Traversal	CVE-2020-24144	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	April 13, 2021
Video Downloader for TikTok < 1.4 - Directory Traversal	CVE-2020-24143	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 13, 2021
Theme Editor <= 2.5 - Authenticated Arbitrary File Download	CVE-2021-24154	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	February 13, 2021
Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization	CVE-2020-36696	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 3, 2020
Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal	CVE-2020-36728	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	July 7, 2020
Simple File List <= 4.2.7 - Arbitrary File Deletion	CVE-2020-12832	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	May 16, 2020
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution	CVE-2020-10564	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2020
Duplicator < 1.3.28 - Directory Traversal	CVE-2020-11738	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	February 28, 2020
ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion	CVE-2019-16902	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	October 11, 2019
Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 9, 2019
Ultimate Member <= 2.0.3 - Directory Traversal	CVE-2018-0586	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	August 12, 2019
WP Fastest Cache <= 0.8.9.5 - Directory Traversal	CVE-2019-13635	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	July 28, 2019
WPS Child Theme Generator < 1.2 - Directory Traversal	CVE-2019-15822	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 23, 2019
Adaptive Images for WordPress <= 0.6.66 - Arbitrary File Deletion	CVE-2019-14206	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	July 19, 2019
Ad Inserter <= 2.4.19 - Authenticated Path Traversal	CVE-2019-15323	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 12, 2019
Insert or Embed Articulate Content into WordPress < 4.29991 - Directory Traversal	CVE-2019-15648	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	July 2, 2019
Newsletters <= 4.6.18 - Directory Traversal	CVE-2019-14788	8.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 1, 2019
Import and export users and customers <= 1.14.2.1 - Directory Traversal	CVE-2019-15326	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	June 20, 2019
Simple File List <= 3.2.7 - Arbitrary File Download	CVE-2022-1119	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	May 23, 2019
Simple File List <= 3.2.4 - Arbitrary File Deletion		8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N	May 23, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation