The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.
The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to, and including, 2.2
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX a
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parame
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/ba
An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacke
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in th
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and in
The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of
Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macd
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the `simple_download_counte
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal s
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrec
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() function in all versions up to, and includin
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the postInsertUserProcess func
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log file
The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function p
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. Thi
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the