Vulnerabilities protected by our Directory Traversal firewall rule

1,742,844
Attacks Blocked in Past 24 Hours

Showing 1-20 of 315 Vulnerabilities

Best WordPress Gallery Plugin – FooGallery <= 2.4.16 - Authenticated (Contributor+) Directory Traversal
7.7
CVE-2023-6947
Dec 9, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion
7.5
CVE-2024-11585
Dec 5, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
ARForms <= 6.4.1 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Read
7.7
CVE-2024-54216
Dec 2, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
PDF Generator Addon for Elementor Page Builder <= 2.0.0 - Unauthenticated Arbitrary File Download
7.5
CVE-2024-9935
Nov 15, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source
9.8
CVE-2024-10571
Nov 13, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion
9.8
CVE-2024-11150
Nov 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
LUNA RADIO PLAYER <= 6.24.01.24 - Unauthenticated Arbitrary File Read
7.5
CVE-2024-10816
Nov 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
WOLF <= 1.0.8.3 - Authenticated (Editor+) CSV Path Traversal
2.7
CVE-2024-52396
Nov 11, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CYAN Backup <= 2.5.3 - Authenticated (Admin+) Arbitrary File Download
4.9
CVE-2024-52390
Nov 11, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion
9.8
CVE-2024-10625
Nov 8, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion
8.8
CVE-2024-10626
Nov 8, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal
8.1
CVE-2024-10011
Oct 24, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3D Work In Progress <= 1.0.3 - Authenticated (Subscriber+) Arbitrary File Deletion
8.8
CVE-2024-49657
Oct 21, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Download
6.5
CVE-2024-49258
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download
7.5
CVE-2024-8352
Oct 2, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
LiteSpeed Cache <= 6.4.1 - Authenticated (Author+) Path Traversal
4.3
CVE-2024-47637
Sep 30, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CSS JS Files <= 1.5.0 - Authenticated (Admin+) Arbitrary File Read
4.9
CVE-2024-9146
Sep 24, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Contact Form 7 Campaign Monitor Extension <= 0.4.67 - Missing Authorization to Unauthenticated Arbitrary File Deletion
9.8
CVE-2024-44019
Sep 24, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download
8.8
CVE-2024-8104
Sep 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
8.1
CVE-2024-7856
Aug 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Title CVE ID CVSS Vector Date
Best WordPress Gallery Plugin – FooGallery <= 2.4.16 - Authenticated (Contributor+) Directory Traversal CVE-2023-6947 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N December 9, 2024
WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion CVE-2024-11585 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N December 5, 2024
ARForms <= 6.4.1 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Read CVE-2024-54216 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N December 2, 2024
PDF Generator Addon for Elementor Page Builder <= 2.0.0 - Unauthenticated Arbitrary File Download CVE-2024-9935 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N November 15, 2024
Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source CVE-2024-10571 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 13, 2024
WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion CVE-2024-11150 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 12, 2024
LUNA RADIO PLAYER <= 6.24.01.24 - Unauthenticated Arbitrary File Read CVE-2024-10816 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N November 12, 2024
WOLF <= 1.0.8.3 - Authenticated (Editor+) CSV Path Traversal CVE-2024-52396 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N November 11, 2024
CYAN Backup <= 2.5.3 - Authenticated (Admin+) Arbitrary File Download CVE-2024-52390 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N November 11, 2024
WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion CVE-2024-10625 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 8, 2024
WooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion CVE-2024-10626 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 8, 2024
BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal CVE-2024-10011 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N October 24, 2024
3D Work In Progress <= 1.0.3 - Authenticated (Subscriber+) Arbitrary File Deletion CVE-2024-49657 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 21, 2024
WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Download CVE-2024-49258 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N October 14, 2024
Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download CVE-2024-8352 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N October 2, 2024
LiteSpeed Cache <= 6.4.1 - Authenticated (Author+) Path Traversal CVE-2024-47637 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N September 30, 2024
CSS JS Files <= 1.5.0 - Authenticated (Admin+) Arbitrary File Read CVE-2024-9146 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N September 24, 2024
Contact Form 7 Campaign Monitor Extension <= 0.4.67 - Missing Authorization to Unauthenticated Arbitrary File Deletion CVE-2024-44019 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 24, 2024
The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download CVE-2024-8104 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 3, 2024
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion CVE-2024-7856 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H August 28, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation