CVE-2024-13780

CVE-2024-13780 refers to the Hero Mega Menu - Responsive WordPress Menu Plugin (

WordPress plugin Hero Mega Menu 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2024-13910

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'databasebackupajaxdelete' function in all versions up to, and including, 2.35. This makes it possible for authenticated...

PT-2025-8690 · Mautic +1 · Mautic/Core

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A file placement issue exists, allowing assets to be uploaded to unintended server directories. This is due to improper limitation of a pathname to a restricted directory, specifically in th...

Path Traversal

github.com/clidey/whodb/core is vulnerable to Path Traversal. The vulnerability is due to improper path validation due to the lack of checks when joining user-controlled database file names with the default directory, allowing an attacker to use path traversal ../../ to access any Sqlite3 databas...

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-12066

The SMSA Shippingofficial plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsadeletelabel function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

CVE-2024-3054

WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstggetcustomexcludepathfree action. This is due to the plugin not providing sufficient path validation on the...

CVE-2024-10625

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary...

CVE-2024-2914

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...

CVE-2024-11150

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

CVE-2024-20449

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secur...

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...

CVE-2024-4881

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

CVE-2024-13720

The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gkyimageuploadermainfunction function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...

CVE-2024-12267

CVE-2024-12267 affects the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (versions up to and including 1.3.8.5). The vulnerability is caused by insufficient file path validation in the dnd_codedropz_upload_delete() function, allowing unauthenticated attackers to perform...

WordPress plugin Contact Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress plugin Live2DWebCanvas 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-2264 · WordPress · Live2Dwebcanvas

Name of the Vulnerable Software and Affected Versions: Live2DWebCanvas plugin for WordPress versions up to, and including, 1.9.11 Description: The issue is related to insufficient file path validation in the ClearFiles function, allowing authenticated attackers with Subscriber-level access and...

CVE-2024-13720

CVE-2024-13720 concerns the WordPress plugin WP Image Uploader, affected versions up to and including 1.0.1. The issue is an insufficient file path validation in gky_image_uploader_main_function(), enabling unauthenticated attackers to delete arbitrary files on the server (potential path traversa...