🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal firewall rule

1,945,885

Attacks Blocked in Past 24 Hours

Showing 1-20 of 278 Vulnerabilities

BuddyPress 2.0 - 2.7.3 - Unauthenticated Arbitrary File Deletion

10.0

CVE ID Unknown

Dec 23, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

File Manager And File Manager Pro (Multiple Versions) - Directory Traversal

9.9

CVE-2023-6825

Mar 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion

9.8

CVE-2024-25911

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion

9.8

CVE-2023-6989

Feb 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion

9.8

CVE ID Unknown

Jul 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Admin Word Count Column <= 2.2 - Arbitrary File Read

9.8

CVE ID Unknown

Mar 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution

9.8

CVE-2020-10564

Mar 13, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read

9.8

CVE ID Unknown

Sep 9, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WPS Child Theme Generator < 1.2 - Directory Traversal

9.8

CVE-2019-15822

Jul 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

微信群发助手-Wechat Broadcast <= 1.2.0 - Directory Traversal

9.8

CVE-2018-16283

Sep 19, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation

9.8

CVE-2018-19042

May 11, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Membership Simplified <= 1.58 - Arbitrary File Download

9.8

CVE-2017-1002008

Mar 13, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SE HTML5 Album Audio Player <= 1.1.0 - Directory Traversal

9.8

CVE-2015-4414

Jun 6, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

My Calendar <= 2.3.29 - Path Traversal to Remote Code Execution

9.8

CVE ID Unknown

May 15, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion

9.8

CVE-2014-1907

Feb 27, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A Page Flip Book < 3.0 - Directory Traversal

9.8

CVE-2012-6652

Jul 10, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

wordTube <= 1.43 - Directory Traversal and File Inclusion

9.8

CVE-2007-2482

May 1, 2007

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read

9.4

CVE ID Unknown

May 13, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Honeypot for WP Comment <= 2.2.3 - Directory Traversal to Unauthenticated Arbitrary File Deletion

9.1

CVE-2024-1350

Feb 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename

9.1

CVE-2024-0221

Jan 19, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
BuddyPress 2.0 - 2.7.3 - Unauthenticated Arbitrary File Deletion		10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H	December 23, 2016
File Manager And File Manager Pro (Multiple Versions) - Directory Traversal	CVE-2023-6825	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 4, 2024
MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion	CVE-2024-25911	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion	CVE-2023-6989	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 5, 2024
Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 12, 2022
Admin Word Count Column <= 2.2 - Arbitrary File Read		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 27, 2022
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution	CVE-2020-10564	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2020
Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 9, 2019
WPS Child Theme Generator < 1.2 - Directory Traversal	CVE-2019-15822	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 23, 2019
微信群发助手-Wechat Broadcast <= 1.2.0 - Directory Traversal	CVE-2018-16283	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 19, 2018
Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation	CVE-2018-19042	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2018
Membership Simplified <= 1.58 - Arbitrary File Download	CVE-2017-1002008	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2017
SE HTML5 Album Audio Player <= 1.1.0 - Directory Traversal	CVE-2015-4414	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 6, 2015
My Calendar <= 2.3.29 - Path Traversal to Remote Code Execution		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 15, 2015
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion	CVE-2014-1907	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 27, 2014
A Page Flip Book < 3.0 - Directory Traversal	CVE-2012-6652	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 10, 2012
wordTube <= 1.43 - Directory Traversal and File Inclusion	CVE-2007-2482	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 1, 2007
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read		9.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L	May 13, 2019
Honeypot for WP Comment <= 2.2.3 - Directory Traversal to Unauthenticated Arbitrary File Deletion	CVE-2024-1350	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	February 8, 2024
Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename	CVE-2024-0221	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	January 19, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation