2690 matches found
Longjing Technology BEMS API 1.21 - Unauthenticated Arbitrary File Download
Longjing Technology BEMS API 1.21 is vulnerable to local file inclusion. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files...
WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download
Themewinter Eventin contains a path traversal caused by relative path manipulation, letting attackers access arbitrary files on the server, exploit requires no specific privileges or user interaction. id: CVE-2025-47445 info: name: WordPress Eventin Themewinter ≤ 4.0.26 - Arbitrary File Download...
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...
CVE-2026-57815
CVE-2026-57815 documents a path traversal vulnerability in the WordPress plugin Forminator (WPMU DEV Your All-in-One WordPress Platform Forminator) affecting version range up to and including 1.55.0.2. The issue is described as Improper Limitation of a Pathname to a Restricted Directory, enabling...
CVE-2026-57815 WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...
WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.55.0.2...
CVE-2026-8379
The CVE-2026-8379 entry concerns the Frontend File Manager Plugin for WordPress (≤ 23.6). The vulnerability is a failure to properly enforce nonce verification on the file download handler, enabling unauthenticated attackers to download files uploaded by any user by iterating identifiers. The iss...
EUVD-2026-37647
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
EUVD-2026-37593
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
EUVD-2026-37656
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
CVE-2026-9690
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2026-40724
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
CVE-2025-69131
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-49403
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...
CVE-2026-40724
CVE-2026-40724 concerns the WordPress Client Portal (Pro) plugin, affected versions <= 5.6.2. The vulnerability is described as an Arbitrary File Download in CP Client Arbitrary File Download for Client Portal (Pro)
CVE-2026-40724 WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
CVE-2026-22334
CVE-2026-22334 concerns the WordPress Woocommerce Book Price plugin (<= 1.3). The vulnerability is an Arbitrary File Download that requires authentication (Subscriber level or higher). The CVE entry notes an authenticated path to download arbitrary files, with a base CVSS v3.1 score of 7.5 (HI...
CVE-2026-22334 WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
CVE-2026-9690
CVE-2026-9690 concerns the WordPress WP Media folder Addon plugin (versions <= 4.0.1). The vulnerability is an unauthenticated arbitrary file download, enabling an attacker to download arbitrary files from the affected site without authentication. The issue is associated with the WP Media fold...
CVE-2026-9690 WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...