ReportizFlow
Filtered by vendor
Subscriptions
Total
7621 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49448 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0. | ||||
| CVE-2025-53298 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gioni Plugin Inspector allows Path Traversal. This issue affects Plugin Inspector: from n/a through 1.5. | ||||
| CVE-2025-6755 | 2 Gameusers, Wordpress | 2 Game Users Share Button, Wordpress | 2025-07-14 | 8.8 High |
| The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such as ../../../../wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution. | ||||
| CVE-2025-6379 | 2 Beeteam368, Wordpress | 2 Vidmov, Wordpress | 2025-07-14 | 8.8 High |
| The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover. | ||||
| CVE-2025-50350 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-07-14 | 5.4 Medium |
| PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-classes.php. | ||||
| CVE-2025-4946 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 8.1 High |
| The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax() function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Note: Requires Vikinger Media plugin to be installed and active. | ||||
| CVE-2025-2932 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 8.8 High |
| The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'font_upload_handler' function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). If WooCommerce is enabled, attackers will need Contributor-level access and above. | ||||
| CVE-2025-28980 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA allows Path Traversal. This issue affects Aviation Weather from NOAA: from n/a through 0.7.2. | ||||
| CVE-2024-12362 | 1 Invoiceplane | 1 Invoiceplane | 2025-07-14 | 4.3 Medium |
| A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2024-44013 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through 2.4.0. | ||||
| CVE-2025-32633 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset allows Path Traversal. This issue affects Database Toolset: from n/a through 1.8.4. | ||||
| CVE-2024-50508 | 2 Chetan Khandla, Wordpress | 2 Woocommerce Product Design, Wordpress | 2025-07-14 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through 1.0.0. | ||||
| CVE-2024-37497 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore allows File Manipulation.This issue affects JetThemeCore: from n/a before 2.2.1. | ||||
| CVE-2024-47264 | 1 Synology | 1 Active Backup For Business | 2025-07-13 | 4.9 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors. | ||||
| CVE-2024-31850 | 1 Cdata | 1 Arc | 2025-07-13 | 8.6 High |
| A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. | ||||
| CVE-2024-9100 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2025-07-13 | 6.5 Medium |
| Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal. | ||||
| CVE-2024-37932 | 2 Anhvnit, Wordpress | 2 Woocommerce Openpos, Wordpress | 2025-07-13 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4. | ||||
| CVE-2024-1961 | 1 Vertaai | 1 Modeldb | 2025-07-13 | N/A |
| vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifact_path' parameter. This flaw can lead to Remote Code Execution (RCE) by overwriting critical files, such as the application's configuration file, especially when the application is run outside of Docker. The vulnerability is present in the NFSController.java and NFSService.java components of the application. | ||||
| CVE-2025-32671 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer allows Path Traversal. This issue affects Print Science Designer: from n/a through 1.3.155. | ||||
| CVE-2025-47603 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo allows Path Traversal. This issue affects belingoGeo: from n/a through 1.12.0. | ||||