235 matches found
CVE-2025-3065
The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote co...
PT-2025-17712 · Unknown · Database Toolset
Name of the Vulnerable Software and Affected Versions: Database Toolset plugin versions 1.8.4 and earlier Description: The issue is related to insufficient file path validation in a function, allowing unauthenticated attackers to delete arbitrary files on the server. This can lead to remote code...
PT-2025-17874 · Allegra +1 · Allegra
Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this issue. The flaw exists within the implementatio...
PT-2025-17356 · WordPress · Clever - Html5 Radio Player With History - Shoutcast/Icecast - Elementor Widget Addon
Name of the Vulnerable Software and Affected Versions: CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress versions up to, and including, 2.4 Description: The issue is related to insufficient file path validation in the 'history.php' file...
CVE-2025-3294
The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...
CVE-2024-13177
CVE-2024-13177 affects Netskope Client on macOS where the postinstall script fails to validate the path of the nsinstallation file, allowing a local attacker to create a symlink to escalate privileges to a different file. Reported impact is privilege escalation with affected versions before 123.0...
PT-2025-15333 · WordPress · Simple Wp Events
Name of the Vulnerable Software and Affected Versions: Simple WP Events plugin for WordPress versions up to and including 1.8.17 Description: The issue arises from insufficient file path validation in the wpe delete file AJAX action, allowing unauthenticated attackers to delete arbitrary files on...
CVE-2025-2941
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...
CVE-2025-2941 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...
CVE-2025-2007
The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-2328
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2025-2328 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2025-2328
Technical details for CVE-2025-2328 are not provided in the connected documents. Monitor for official updates on affected products, root cause, impact, and remediation.
Path Traversal
agentscope is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the save-workflow and load-workflow functionality, allowing an attacker to read and write arbitrary JSON files on the filesystem...
CVE-2024-13922
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with...
CVE-2024-8958
In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...
CVE-2025-1972
CVE-2025-1972 affects the WordPress plugin Export and Import Users and Customers (versions
PT-2025-12479 · WordPress · Export/Import Users/Customers
Name of the Vulnerable Software and Affected Versions: Export and Import Users and Customers plugin for WordPress versions prior to 2.6.3 Description: The issue is related to insufficient file path validation in the admin log page function, allowing authenticated attackers with Administrator-leve...
WordPress plugin CS Framework 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
CVE-2024-13780 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion
The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenudeletemenu function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete...