CVE-2025-14293
CVE-2025-14293: WP Job Portal for WordPress suffers an Authenticated Arbitrary File Read in all versions up to 2.4.0 via the downloadCustomUploadedFile function. Exploitation requires Subscriber+ level access. Impact is exposure of sensitive server files; the Wordfence vulnerability report list...
CVE-2025-14293 WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read
The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary file...
WordPress WP Job Portal plugin <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Long Nguyen in WordPress Plugin WP Job Portal versions <= 2.4.0...
CVE-2025-61813
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation o...
CVE-2025-61823
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on th...
PT-2025-50726
The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary file...
WordPress plugin WP Job Portal path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in WordPress WP Job Portal, which stems from improper handling of the downloadCustomUploadedFile function, and can be exploited ...
CVE-2023-53772
MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...
CVE-2020-36899
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...
CVE-2025-34395 Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution ...
CVE-2025-34395
Barracuda RMM Service Center (Barracuda Service Center) prior to version 2025.1.1 exposes a .NET Remoting service that an unauthenticated attacker can use to invoke a path traversal vulnerable method to read arbitrary files. This vulnerability can be escalated to remote code execution by obtainin...
WordPress Simple Download Counter plugin <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal vulnerability
Authenticated Administrator+ Arbitrary File Read via Path Traversal vulnerability discovered by ChamlaVic in WordPress Plugin Simple Download Counter versions <= 2.2.2...
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.7.1 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Hippoo Mobile App for WooCommerce versions <= 1.7.1...
CVE-2025-13339
CVE-2025-13339 concerns the Hippoo Mobile App for WooCommerce WordPress plugin. The Wordfence report confirms an unauthenticated path traversal vulnerability allowing reading of arbitrary files via the template_redirect() function, affecting all versions up to and including 1.7.1. The affected so...
CVE-2025-13339 Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...
CVE-2025-13677 Simple Download Counter <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simple_download_counter_parse_path function. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2025-13677
CVE-2025-13677 (Simple Download Counter, WordPress) is a path traversal flaw in simple_download_counter_parse_path() that, under Administrator+ access, allows reading arbitrary server files (e.g., wp-config.php). Public details indicate the issue affects all versions up to 2.2.2; Wordfence notes ...
EUVD-2025-202392
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simple_download_counter_parse_path function. This makes it possible for authenticated attackers, with Administrator-level...