🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal firewall rule

2,509,014

Attacks Blocked in Past 24 Hours

Showing 41-60 of 279 Vulnerabilities

Simple File List <= 3.2.4 - Arbitrary File Deletion

8.6

CVE ID Unknown

May 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Zip Attachments <= 1.5 - Directory Traversal

8.6

CVE-2015-4694

Jun 12, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane

8.1

CVE-2023-32110

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion

8.1

CVE-2022-4030

Nov 29, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service

8.1

CVE-2020-24146

Apr 13, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download

7.5

CVE-2022-4298

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read

7.5

CVE-2022-4140

Nov 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Welcart e-Commerce 2.6.0-2.7.7 - Information Disclosure via Arbitrary File Read

7.5

CVE-2022-41840

Sep 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery

7.5

CVE-2022-2633

Aug 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Team - WordPress Team Member Showcase Plugin <= 4.1.1 - Directory Traversal to Arbitrary File Read/Deletion

7.5

CVE-2022-2557

Jul 29, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read

7.5

CVE-2022-33901

Jul 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WSM Downloader <= 1.4.0 - Arbitrary File Download

7.5

CVE-2022-2357

Jul 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Moment.js <= 2.29.1 - Directory Traversal

7.5

CVE ID Unknown

Apr 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Narnoo Distributor <= 2.5.1 - Path Traversal

7.5

CVE-2022-0679

Mar 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read

7.5

CVE-2021-39312

Dec 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal

7.5

CVE-2021-39316

Aug 30, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Video Downloader for TikTok < 1.4 - Directory Traversal

7.5

CVE-2020-24143

Apr 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization

7.5

CVE-2020-36696

Aug 3, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Duplicator < 1.3.28 - Directory Traversal

7.5

CVE-2020-11738

Feb 28, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion

7.5

CVE-2019-16902

Oct 11, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Title	CVE ID	CVSS	Vector	Date
Simple File List <= 3.2.4 - Arbitrary File Deletion		8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N	May 23, 2019
Zip Attachments <= 1.5 - Directory Traversal	CVE-2015-4694	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	June 12, 2015
JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane	CVE-2023-32110	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	May 3, 2023
Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion	CVE-2022-4030	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	November 29, 2022
CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service	CVE-2020-24146	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	April 13, 2021
Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download	CVE-2022-4298	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 12, 2022
Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read	CVE-2022-4140	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	November 30, 2022
Welcart e-Commerce 2.6.0-2.7.7 - Information Disclosure via Arbitrary File Read	CVE-2022-41840	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 2, 2022
All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery	CVE-2022-2633	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 17, 2022
Team - WordPress Team Member Showcase Plugin <= 4.1.1 - Directory Traversal to Arbitrary File Read/Deletion	CVE-2022-2557	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	July 29, 2022
MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read	CVE-2022-33901	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 18, 2022
WSM Downloader <= 1.4.0 - Arbitrary File Download	CVE-2022-2357	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 12, 2022
Moment.js <= 2.29.1 - Directory Traversal		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	April 5, 2022
Narnoo Distributor <= 2.5.1 - Path Traversal	CVE-2022-0679	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	March 1, 2022
True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read	CVE-2021-39312	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 13, 2021
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal	CVE-2021-39316	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 30, 2021
Video Downloader for TikTok < 1.4 - Directory Traversal	CVE-2020-24143	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 13, 2021
Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization	CVE-2020-36696	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 3, 2020
Duplicator < 1.3.28 - Directory Traversal	CVE-2020-11738	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	February 28, 2020
ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion	CVE-2019-16902	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	October 11, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation