The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insuf
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.1
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. Th
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated atta
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Ad
The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function p
The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJA
The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitizat
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the `simple_download_counte
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated att
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal s
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the view_page function in all versio
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in
The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all versions up to, and including, 2.1
The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including,
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator c
The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticate
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary f
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the fi
Page 1+ Next →