Vulnerabilities protected by our Directory Traversal (Requesting wp-config.php) firewall rule

727,522
Attacks Blocked in Past 24 Hours

Showing 181-200 of 225 Vulnerabilities

Title CVE ID CVSS Vector Date
Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal CVE-2017-15079 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N September 21, 2017
Swim Team < 1.45.1085 - Directory Traversal CVE-2015-5471 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N July 8, 2015
PayPal Currency Converter BASIC for WooCommerce <= 1.3 - Path Traversal to Arbitrary File Read CVE-2015-5065 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N June 10, 2015
Easy2map-photos <= 1.0.9 - Path Traversal CVE-2015-4617 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N June 8, 2015
Aspose Cloud eBook Generator <= 1.0 - Directory Traversal 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 27, 2015
Tom M8te <= 1.5.3 - Directory Traversal CVE-2014-5187 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N September 27, 2014
Last.fm Rotation <= 1.0 - Directory Traversal CVE-2014-5181 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N May 28, 2014
Ripe HD FLV <= 1.1 - Full Path Disclosure 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N January 20, 2013
Eshop Magic < 0.2 - Arbitrary File Read 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N October 12, 2012
Wp-ImageZoom < 1.0.5 - Directory Traversal 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N June 18, 2012
myEASYbackup < 1.0.9 - Directory Traversal CVE-2012-0898 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N January 16, 2012
DMSGuestbook <= 1.8.0 - Directory Traversal CVE-2008-0615 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N February 2, 2008
WordPress Shortcodes Plugin — Shortcodes Ultimate < 4.10.0 - Directory Traversal CVE-2017-2245 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N June 23, 2017
Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N November 1, 2022
Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download CVE-2022-3762 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N October 31, 2022
Download Manager <= 3.2.54 - Authenticated (Admin+) Path Traversal CVE-2022-2926 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N September 5, 2022
Infinite Scroll – Ajax Load More <= 5.5.4 - Authenticated (Admin+) Arbitrary File Read via Directory Traversal 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N August 31, 2022
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal CVE-2022-2945 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N August 22, 2022
WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Read CVE-2022-35235 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N August 9, 2022
GiveWP <= 2.20.2 - Authenticated Arbitrary File Read CVE-2022-31475 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N July 12, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation