CVE-2025-13801 Yoco Payments <= 3.9.0 - Unauthenticated Arbitrary File Read
The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.9.0 via the file parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
CVE-2025-1730
The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simpledownloadcounterdownloadhandler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data includi...
CVE-2025-1565
The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remotedl.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...
CVE-2024-2178
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copytocustompersonas' endpoint in the 'lollmspersonalitiesinfos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy ...
WordPress Flashcard Plugin for WordPress plugin <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal vulnerability
Authenticated Contributor+ Arbitrary File Read via Path Traversal vulnerability discovered by Bhumividh Treloges in WordPress Plugin Flashcard versions <= 0.9...
WordPress EmailKit plugin <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal vulnerability
Authenticated Author+ Arbitrary File Read via Path Traversal vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin EmailKit versions <= 1.6.1...
CVE-2025-14867
CVE-2025-14867 affects the Flashcard Plugin for WordPress. Versions up to 0.9 are vulnerable to a path traversal flaw via the shortcode attribute source in the flashcard shortcode, enabling authenticated attackers with at least contributor privileges to read arbitrary files on the server. The Wor...
CVE-2025-14867 Flashcard Plugin for WordPress <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal
The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary file...
WordPress Yoco Payments plugin <= 3.8.8 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by NumeX in WordPress Plugin Yoco Payments versions <= 3.8.8...
CVE-2025-14059
CVE-2025-14059: EmailKit – Email Customizer for WooCommerce & WP suffers from Arbitrary File Read via Path Traversal in the create_template REST endpoint. Authenticated attackers with Author+ permissions can craft input through the emailkit-editor-template parameter, whose value is passed to file_get_con...
CVE-2025-14059 EmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the create_template REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed...
PT-2026-1553
Name of the Vulnerable Software and Affected Versions: EmailKit versions up to and including 1.6.1. Description: The EmailKit plugin for WordPress is susceptible to Arbitrary File Read due to a Path Traversal issue. This occurs because of a lack of path validation in the create template REST API...
PT-2026-2048
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine versions prior to 3.2 Patch 8; Cisco ISE Passive Identity Connector versions prior to 3.2 Patch 8; Cisco Identity Services Engine versions prior to 3.3 Patch 8; Cisco ISE Passive Identity Connector versions prior to...
PT-2026-1606
Name of the Vulnerable Software and Affected Versions: Yoco Payments plugin for WordPress versions through 3.8.8. Description: The Yoco Payments plugin for WordPress is susceptible to a Path Traversal issue. This allows unauthenticated attackers to read arbitrary files on the server, potentially...
PT-2026-1687
A critical Arbitrary File Read vulnerability CVE-2023-50024 has been discovered in the jsPDF library, a popular JavaScript library for client-side PDF generation.
SUSE CVE-2025-68476
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
GHSA-824X-88XG-CWRV Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read
Summary: Authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. Details: The Backup addon does not validate the EXPDIR POST parameter against the UI-generated allowlist of permitted directories. An...