Vulnerabilities protected by our Directory Traversal firewall rule

2,037,844
Attacks Blocked in Past 24 Hours

Showing 61-80 of 315 Vulnerabilities

Title CVE ID CVSS Vector Date
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal CVE-2023-5504 8.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H November 22, 2023
Quttera Web Malware Scanner <= 3.4.1.48 - Authenticated (Administrator+) Directory Traversal via ShowFile CVE-2023-6222 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N November 21, 2023
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion CVE-2023-47843 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H November 20, 2023
File Manager <= 6.3 - Authenticated (Admin+) Arbitrary OS File Access via Path Traversal CVE-2023-5907 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N November 20, 2023
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal CVE-2023-5105 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H November 13, 2023
Mmm Simple File List <= 2.3 - Authenticated (Subscriber+) Directory Traversal CVE-2023-4297 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 6, 2023
Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion CVE-2023-46205 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N October 19, 2023
Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode CVE-2023-45652 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L October 12, 2023
Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read CVE-2023-5414 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H October 11, 2023
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal CVE-2023-4274 8.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H September 22, 2023
Orders Tracking for WooCommerce <= 1.2.5 - Authenticated (Administrator+) Directory Traversal via 'file_url' CVE-2023-4216 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N August 14, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal CVE-2023-2688 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N May 23, 2023
Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter CVE-2023-33310 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N May 22, 2023
WordPress Core < 6.2.1 - Directory Traversal CVE-2023-2745 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N May 16, 2023
MW WP Form <= 4.4.2 - Directory Traversal via _file_upload CVE-2023-28409 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 8, 2023
Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont CVE-2023-28413 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 8, 2023
JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane CVE-2023-32110 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N May 3, 2023
Image Optimizer by 10web <= 1.0.26 - Authenticated(Administator+) Directory Traversal CVE-2023-2117 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N May 2, 2023
Image Optimizer by 10web <= 1.0.25 - Directory Traversal to Information Exposure 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N April 19, 2023
Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal CVE-2023-1427 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N March 21, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation