Vulnerabilities protected by our Directory Traversal (Requesting wp-config.php) firewall rule

902,629
Attacks Blocked in Past 24 Hours

Showing 1-20 of 225 Vulnerabilities

Title CVE ID CVSS Vector Date
BuddyPress 2.0 - 2.7.3 - Unauthenticated Arbitrary File Deletion 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H December 23, 2016
Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 12, 2022
Admin Word Count Column <= 2.2 - Arbitrary File Read 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 27, 2022
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution CVE-2020-10564 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2020
Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read CVE-2019-25213 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 9, 2019
WPS Child Theme Generator < 1.2 - Directory Traversal CVE-2019-15822 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 23, 2019
微信群发助手-Wechat Broadcast <= 1.2.0 - Directory Traversal CVE-2018-16283 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 19, 2018
Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation CVE-2018-19042 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 11, 2018
Membership Simplified <= 1.58 - Arbitrary File Download CVE-2017-1002008 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2017
SE HTML5 Album Audio Player <= 1.1.0 - Directory Traversal CVE-2015-4414 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 6, 2015
My Calendar <= 2.3.29 - Path Traversal to Remote Code Execution 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 15, 2015
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion CVE-2014-1907 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 27, 2014
A Page Flip Book < 3.0 - Directory Traversal CVE-2012-6652 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 10, 2012
wordTube <= 1.43 - Directory Traversal and File Inclusion CVE-2007-2482 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 1, 2007
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L May 13, 2019
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal CVE-2023-5105 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H November 13, 2023
Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read CVE-2023-5414 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H October 11, 2023
OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API CVE-2021-24638 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H August 23, 2021
WP Fastest Cache <= 0.8.9.5 - Directory Traversal CVE-2019-13635 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N July 28, 2019
Real3D Flipbook <= 1.0.0 - Directory Traversal CVE-2016-10965 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H July 3, 2016

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation