CVE-2026-33681

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...

CVE-2026-33681

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...

WordPress WP Editor plugin <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read vulnerability

Authenticated Administrator+ Directory Traversal to Arbitrary File Read vulnerability discovered by nquangit in WordPress Plugin WP Editor versions = 1.2.9.1...

WordPress WP Editor plugin <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update vulnerability

Authenticated Administrator+ Directory Traversal to Arbitrary File Update vulnerability discovered by nquangit in WordPress Plugin WP Editor versions = 1.2.9.1...

BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access

The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0. PoC Install BackupBuddy v8.5.8.0 through v8.7.4.1. curl...

WordPress Abtest Directory Traversal

------------------------- Affected products: ------------------------- Product : wordpress Plugin in name : abtest File name : abtestadmin.php ---------- Details: ---------- The file abtestadmin.php of the plugin abtest is vulnerable to a Directory traversal attack see...