2685 matches found
CVE-2026-8379
The CVE-2026-8379 entry concerns the Frontend File Manager Plugin for WordPress (≤ 23.6). The vulnerability is a failure to properly enforce nonce verification on the file download handler, enabling unauthenticated attackers to download files uploaded by any user by iterating identifiers. The iss...
Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download
Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...
WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download
Themewinter Eventin contains a path traversal caused by relative path manipulation, letting attackers access arbitrary files on the server, exploit requires no specific privileges or user interaction. id: CVE-2025-47445 info: name: WordPress Eventin Themewinter ≤ 4.0.26 - Arbitrary File Download...
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...
EUVD-2026-37647
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
EUVD-2026-37593
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
EUVD-2026-37656
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
CVE-2026-9690
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2026-40724
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
CVE-2025-69131
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-49403
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...
CVE-2026-40724
CVE-2026-40724 concerns the WordPress Client Portal (Pro) plugin, affected versions <= 5.6.2. The vulnerability is described as an Arbitrary File Download in CP Client Arbitrary File Download for Client Portal (Pro)
CVE-2026-40724 WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
CVE-2026-22334 WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
CVE-2026-22334
CVE-2026-22334 concerns the WordPress Woocommerce Book Price plugin (<= 1.3). The vulnerability is an Arbitrary File Download that requires authentication (Subscriber level or higher). The CVE entry notes an authenticated path to download arbitrary files, with a base CVSS v3.1 score of 7.5 (HI...
CVE-2026-9690
CVE-2026-9690 concerns the WordPress WP Media folder Addon plugin (versions <= 4.0.1). The vulnerability is an unauthenticated arbitrary file download, enabling an attacker to download arbitrary files from the affected site without authentication. The issue is associated with the WP Media fold...
CVE-2026-9690 WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2025-49403
CVE-2025-49403 affects Premium Age Verification / Restriction for WordPress (WordPress plugin) versions <= 3.0.2. Unauthenticated Arbitrary File Download is reported; Patchstack notes vulnerability in versions
CVE-2025-49403 WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Download Vulnerability
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...
PT-2026-50363
Name of the Vulnerable Software and Affected Versions WP Media folder Addon versions prior to 4.0.2 Description An unauthenticated arbitrary file download issue exists in the software, allowing an attacker to download files without providing credentials. Recommendations Update to version 4.0.2 or...