Lucene search
K

235 matches found

NVD
NVD
added 2025/04/24 9:15 a.m.16 views

CVE-2025-3065

The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote co...

9.1CVSS0.00892EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.4 views

PT-2025-17712 · Unknown · Database Toolset

Name of the Vulnerable Software and Affected Versions: Database Toolset plugin versions 1.8.4 and earlier Description: The issue is related to insufficient file path validation in a function, allowing unauthenticated attackers to delete arbitrary files on the server. This can lead to remote code...

9.1CVSS9.6AI score0.00892EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.5 views

PT-2025-17874 · Allegra +1 · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this issue. The flaw exists within the implementatio...

8.8CVSS7.3AI score0.01781EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.4 views

PT-2025-17356 · WordPress · Clever - Html5 Radio Player With History - Shoutcast/Icecast - Elementor Widget Addon

Name of the Vulnerable Software and Affected Versions: CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress versions up to, and including, 2.4 Description: The issue is related to insufficient file path validation in the 'history.php' file...

7.5CVSS7.8AI score0.00329EPSS
Exploits0References9
NVD
NVD
added 2025/04/17 6:15 a.m.39 views

CVE-2025-3294

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...

7.2CVSS0.00819EPSS
Exploits0References2
CVE
CVE
added 2025/04/15 3:21 p.m.75 views

CVE-2024-13177

CVE-2024-13177 affects Netskope Client on macOS where the postinstall script fails to validate the path of the nsinstallation file, allowing a local attacker to create a symlink to escalate privileges to a different file. Reported impact is privilege escalation with affected versions before 123.0...

5.2CVSS6.7AI score0.00124EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.5 views

PT-2025-15333 · WordPress · Simple Wp Events

Name of the Vulnerable Software and Affected Versions: Simple WP Events plugin for WordPress versions up to and including 1.8.17 Description: The issue arises from insufficient file path validation in the wpe delete file AJAX action, allowing unauthenticated attackers to delete arbitrary files on...

9.1CVSS9.8AI score0.00767EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/04/07 7:40 a.m.22 views

CVE-2025-2941

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...

9.8CVSS8.1AI score0.01482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/05 7:1 a.m.5 views

CVE-2025-2941 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...

9.8CVSS8AI score0.01482EPSS
Exploits0References3
NVD
NVD
added 2025/04/01 5:15 a.m.11 views

CVE-2025-2007

The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level...

8.1CVSS0.00985EPSS
Exploits0References3
OSV
OSV
added 2025/03/28 7:15 a.m.5 views

CVE-2025-2328

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...

8.8CVSS6.4AI score0.01002EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/28 6:51 a.m.5 views

CVE-2025-2328 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...

8.8CVSS8.2AI score0.01002EPSS
Exploits0References3
CVE
CVE
added 2025/03/28 6:51 a.m.73 views

CVE-2025-2328

Technical details for CVE-2025-2328 are not provided in the connected documents. Monitor for official updates on affected products, root cause, impact, and remediation.

8.8CVSS9AI score0.01002EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/03/26 4:13 a.m.5 views

Path Traversal

agentscope is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the save-workflow and load-workflow functionality, allowing an attacker to read and write arbitrary JSON files on the filesystem...

9.1CVSS7.1AI score0.0091EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/22 2:2 p.m.20 views

CVE-2024-13922

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with...

6.5CVSS7AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:20 a.m.9 views

CVE-2024-8958

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...

9.8CVSS7.8AI score0.01292EPSS
Exploits1References1
CVE
CVE
added 2025/03/22 11:18 a.m.61 views

CVE-2025-1972

CVE-2025-1972 affects the WordPress plugin Export and Import Users and Customers (versions

6.5CVSS6.8AI score0.00371EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/22 12:0 a.m.8 views

PT-2025-12479 · WordPress · Export/Import Users/Customers

Name of the Vulnerable Software and Affected Versions: Export and Import Users and Customers plugin for WordPress versions prior to 2.6.3 Description: The issue is related to insufficient file path validation in the admin log page function, allowing authenticated attackers with Administrator-leve...

6.5CVSS9.2AI score0.00371EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/03/07 12:0 a.m.1 views

WordPress plugin CS Framework 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

8.8CVSS8.8AI score0.00805EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/05 9:21 a.m.10 views

CVE-2024-13780 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion

The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenudeletemenu function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete...

6.5CVSS0.00321EPSS
Exploits0References2
Rows per page
Query Builder