PT-2025-25482 · WordPress · Image Resizer On The Fly

Name of the Vulnerable Software and Affected Versions: Image Resizer On The Fly plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to insufficient file path validation in the 'delete' task, allowing unauthenticated attackers to delete arbitrary files on the...

CVE-2025-3055

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteavatarajax function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

PT-2025-23895 · WordPress · Wp User Frontend Pro

Name of the Vulnerable Software and Affected Versions: WP User Frontend Pro plugin for WordPress versions up to, and including, 4.1.3 Description: The issue is related to insufficient file path validation in the delete avatar ajax function, allowing authenticated attackers with Subscriber-level...

PT-2025-22837

Name of the Vulnerable Software and Affected Versions eMagicOne Store Manager for WooCommerce plugin for WordPress versions 1.2.5 and earlier Description The issue is related to insufficient file path validation in the delete file function, allowing unauthenticated attackers to delete arbitrary...

CVE-2024-7514

The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access an...

CVE-2024-47563

A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable...

CVE-2024-10857

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handledownloads function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with...

CVE-2023-5672

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files...

CVE-2022-39349

The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity ShareLinkActivity.kt to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachment...

CVE-2020-2201

Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability...

CVE-2020-1286

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'...

CVE-2020-1081

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

CVE-2025-4564

The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

USN-7473-1: Ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly bypass file path validation...

USN-7473-1 ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly bypass file path validation...

Ubuntu 24.04 LTS / 24.10 : Ghostscript vulnerability (USN-7473-1)

The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7473-1 advisory. It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting...

CVE-2025-3065

The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote co...

CVE-2025-3103

The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for...

CVE-2025-3065

The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote co...

PT-2025-17712 · Unknown · Database Toolset

Name of the Vulnerable Software and Affected Versions: Database Toolset plugin versions 1.8.4 and earlier Description: The issue is related to insufficient file path validation in a function, allowing unauthenticated attackers to delete arbitrary files on the server. This can lead to remote code...