EUVD-2019-20163

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

PT-2026-41551

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete export file AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename...

EUVD-2025-38352

The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnldeletelog function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...

EUVD-2025-28732

Malicious code in bioql PyPI...

CVE-2021-24905

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7dbeditscrfiledelete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the...

WordPress plugin Download Monitor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An arbitrary file download...