Vulnerabilities protected by our Directory Traversal firewall rule

1,775,202
Attacks Blocked in Past 24 Hours

Showing 1-20 of 315 Vulnerabilities

Title CVE ID CVSS Vector Date
Best WordPress Gallery Plugin – FooGallery <= 2.4.16 - Authenticated (Contributor+) Directory Traversal CVE-2023-6947 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N December 9, 2024
WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion CVE-2024-11585 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N December 5, 2024
ARForms <= 6.4.1 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Read CVE-2024-54216 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N December 2, 2024
PDF Generator Addon for Elementor Page Builder <= 2.0.0 - Unauthenticated Arbitrary File Download CVE-2024-9935 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N November 15, 2024
Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source CVE-2024-10571 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 13, 2024
WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion CVE-2024-11150 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 12, 2024
LUNA RADIO PLAYER <= 6.24.01.24 - Unauthenticated Arbitrary File Read CVE-2024-10816 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N November 12, 2024
WOLF <= 1.0.8.3 - Authenticated (Editor+) CSV Path Traversal CVE-2024-52396 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N November 11, 2024
CYAN Backup <= 2.5.3 - Authenticated (Admin+) Arbitrary File Download CVE-2024-52390 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N November 11, 2024
WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion CVE-2024-10625 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 8, 2024
WooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion CVE-2024-10626 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 8, 2024
BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal CVE-2024-10011 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N October 24, 2024
3D Work In Progress <= 1.0.3 - Authenticated (Subscriber+) Arbitrary File Deletion CVE-2024-49657 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 21, 2024
WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Download CVE-2024-49258 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N October 14, 2024
Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download CVE-2024-8352 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N October 2, 2024
LiteSpeed Cache <= 6.4.1 - Authenticated (Author+) Path Traversal CVE-2024-47637 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N September 30, 2024
CSS JS Files <= 1.5.0 - Authenticated (Admin+) Arbitrary File Read CVE-2024-9146 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N September 24, 2024
Contact Form 7 Campaign Monitor Extension <= 0.4.67 - Missing Authorization to Unauthenticated Arbitrary File Deletion CVE-2024-44019 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 24, 2024
The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download CVE-2024-8104 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 3, 2024
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion CVE-2024-7856 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H August 28, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation