
22 matches found

CNNVD
added 2026/03/16 12:0 a.m., 4 views

WordPress plugin Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 4.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/15 1:19 a.m., 1 view

CVE-2026-1883

The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the deletefolders function due to missing validation on a user controlled key. This makes it possibl...

AI score 5.8, EPSS 0.00013
Exploits: 0, References: 3

Positive Technologies
added 2026/03/15 12:0 a.m., 3 views

PT-2026-25528

The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete folders function due to missing validation on a user controlled key. This makes it possib...

CVSS 4.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 4

CVE
added 2025/12/13 4:31 a.m., 10 views

CVE-2025-14508

CVE-2025-14508 : MediaCommander for WordPress allows unauthorized data deletion via the REST API endpoint import-csv due to a missing capability check. The endpoint uses an upload_files (Author-level) check for a destructive operation, enabling authenticated users with Author-level access or high...

CVSS 6.5, AI score 4.8, EPSS 0.00039
Exploits: 0, References: 4

Positive Technologies
added 2025/12/13 12:0 a.m., 2 views

PT-2025-51079

The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due to the endpoint using upload files capabili...

CVSS 6.5, AI score 5.2, EPSS 0.00039
Exploits: 0, References: 4

NVD
added 2025/10/09 9:15 p.m., 2 views

CVE-2025-35055

Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...

CVSS 8.8, EPSS 0.0022
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-3333

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00334
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-9999

Malware in sbrugna...

CVSS 9.1, AI score 9, EPSS 0.04312
Exploits: 1, References: 2

RedhatCVE
added 2025/05/22 7:24 p.m., 5 views

CVE-2021-25021

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

CVSS 4.9, AI score 6.7, EPSS 0.00425
Exploits: 2, References: 1

ATTACKERKB
added 2025/01/14 2:15 p.m., 2 views

CVE-2024-48884

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0...

CVSS 9.1, AI score 5.8, EPSS 0.50282
Exploits: 0, References: 2, Affected Software: 4

OSV
added 2024/06/07 10:15 a.m., 2 views

CVE-2024-5481

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the escdir function. This makes it possible for authenticated attackers to cut and paste copy the contents of arbitrary files on the...

CVSS 8.8, AI score 5.9, EPSS 0.01601
Exploits: 0, References: 6

CVE
added 2024/02/25 4:42 p.m., 118 views

CVE-2024-0798

The CVE-2024-0798 entry relates to mintplex-labs/anything-llm, where users with the default role can delete documents uploaded by admin via a crafted DELETE to /api/system/remove-document. The root cause is improper access-control checks that allow unauthorized document deletion, risking data int...

CVSS 8.1, AI score 8.1, EPSS 0.00127
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2023/10/23 1:18 p.m., 12 views

CVE-2021-26734 Junction Delete leading to elevation of privilege

Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context...

CVSS 4.4, AI score 5.6, EPSS 0.00023
Exploits: 0, References: 1

Positive Technologies
added 2023/06/26 12:0 a.m., 4 views

PT-2023-24869 · Lenovo · Lxca

Name of the Vulnerable Software and Affected Versions: LXCA affected versions not specified
Description: A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation...

CVSS 6.5, AI score 6.2, EPSS 0.00125
Exploits: 0, References: 4

ATTACKERKB
added 2022/05/16 3:15 p.m., 3 views

CVE-2022-30523

Trend Micro Password Manager Consumer version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the...

CVSS 7.8, AI score 7.2, EPSS 0.00041
Exploits: 0, References: 3

OSV
added 2022/01/03 1:15 p.m., 1 view

CVE-2021-25020

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

CVSS 4.9, AI score 5.9, EPSS 0.00482
Exploits: 2, References: 1

Prion
added 2021/05/20 4:15 p.m., 14 views

Directory traversal

Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php...

CVSS 5.5, AI score 7.9, EPSS 0.01259
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/04/30 12:15 a.m., 0 views

CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...

CVSS 9.1, AI score 5.8, EPSS 0.04312
Exploits: 1, References: 1

CVE
added 2021/04/29 11:28 p.m., 58 views

CVE-2020-18070

CVE-2020-18070 : In iCMS v7.0.13, a path traversal vulnerability in the PHP component database.admincp.php lets remote attackers delete folders by injecting commands in a crafted HTTP request to the do_del() method. Impact per CVSS indicates high integrity and availability impact (I/H, A/H) with ...

CVSS 9.1, AI score 9, EPSS 0.04312
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/04/29 11:28 p.m., 12 views

CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...

AI score 9.2, EPSS 0.04312
Exploits: 1, References: 1