Vulnerabilities protected by our Directory Traversal firewall rule

1,756,533
Attacks Blocked in Past 24 Hours

Showing 181-200 of 315 Vulnerabilities

Title CVE ID CVSS Vector Date
WooCommerce <= 3.4.5 - WooCommerce File Deletion CVE-2018-20714 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 6, 2018
Advanced Access Manager <= 2.8.2 - Arbitrary File Overwrite CVE-2014-6059 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H August 20, 2014
Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 3.1.0 - Arbitrary File Deletion 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H December 24, 2012
Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion CVE-2023-46205 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N October 19, 2023
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal CVE-2023-5505 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H August 16, 2024
Quttera Web Malware Scanner <= 3.4.1.48 - Authenticated (Administrator+) Directory Traversal via ShowFile CVE-2023-6222 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N November 21, 2023
Contact Form by WPForms <= 1.7.5.3 - Authenticated (Administrator+) Arbitrary File Access via Path Traversal 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N September 19, 2022
Enable Media Replace <= 3.6.3 - Authenticated (Administrator+) Path Traversal CVE-2022-2554 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N September 14, 2022
All-in-One WP Migration <= 7.58 - Directory Traversal to File Deletion on Windows Hosts CVE-2022-1476 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H April 28, 2022
WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Download CVE-2024-49258 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N October 14, 2024
Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download CVE-2024-3934 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N July 19, 2024
Ovic Importer <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Download CVE-2024-35754 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N June 6, 2024
SellKit <= 1.8.1 - Authenticated (Subscriber+) Arbitrary File Download CVE-2024-30509 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N March 28, 2024
Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal CVE-2024-0697 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N January 26, 2024
WP Mail Log <= 1.1.2 - Authenticated (Contributor+) Arbitrary File Read CVE-2023-5672 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N November 28, 2023
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion CVE-2023-47843 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H November 20, 2023
Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization CVE-2022-4237 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 5, 2022
Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read CVE-2022-4236 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 5, 2022
Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download CVE-2022-3762 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N October 27, 2022
Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload via Path Traversal CVE-2022-2711 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N October 17, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation