CVE-2025-32509

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMinds Simple WP Events simple-wp-events allows Path Traversal.This issue affects Simple WP Events: from n/a through = 1.8.17...

CVE-2025-32509 WordPress Simple WP Events plugin <= 1.8.17 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMinds Simple WP Events simple-wp-events allows Path Traversal.This issue affects Simple WP Events: from n/a through = 1.8.17...

CVE-2025-32509

CVE-2025-32509 affects WordPress plugin Simple WP Events (versions ≤ 1.8.17). The issue is an improper limitation of a pathname to a restricted directory, i.e., a path traversal vulnerability. Some connected sources also indicate the underlying impact as arbitrary file deletion. The vulnerability...

CVE-2022-32509

An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2...

CVE-2022-32509

Technical details for CVE-2022-32509 are not publicly available in the provided documents. No specific affected versions, root cause, impact, or fixes are described here; monitor official advisories for updates.

CVE-2024-32509

Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76...

CVE-2024-32509

Technical details about CVE-2024-32509 (WP Cost Estimation & Payment Forms Builder) are not publicly provided in the supplied documents. Monitor for updates.

WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.76 is vulnerable to Broken Access Control

Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.76 Fixed in 10.1.77 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32509 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4f90762b9976...

CVE-2023-32509

creationtimestamp| type| source ---|---|--- 2023-08-23 18:34:53+00:00| seen| https://t.me/cibsecurity/69068...

CVE-2023-32509

CVE-2023-32509: Unauthenticated reflected XSS in WordPress plugin Order Your Posts Manually (

WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Order Your Posts Manually Type Plugin Vulnerable versions = 2.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32509 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e62fb3aadea4 Credits minhtuana...

CVE-2021-32509 QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function

Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager...

CVE-2021-32509

CVE-2021-32509 describes an absolute path traversal in QSAN Storage Manager's FileviewDoc function. The vulnerability allows remote authenticated attackers to access arbitrary files by injecting a Symbolic Link via the Url path parameter. Multiple sources confirm affected versions include pre-3.3...