Lucene search
K

4 matches found

CVE
CVE
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25326

CVE-2018-25326 affects Google Drive for WordPress 2.2 and involves a path traversal vulnerability in gdrive-ajaxs.php. An unauthenticated attacker can exploit a crafted POST request by setting ajaxstype to del_fl_bkp and including directory traversal sequences in the file_name parameter (e.g., .....

8.7CVSS5.9AI score0.00641EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.51 views

CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

7.5CVSS0.00811EPSS
Exploits0References11
NVD
NVD
added 2026/04/20 8:16 p.m.7 views

CVE-2026-5478

The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled oldfiles data from public form submissions as legitimate server-side upload state, and converting...

8.1CVSS0.01022EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/12 5:24 a.m.2 views

CVE-2025-8575 LWS Cleaner <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file'

The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lwscldeletefile' function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

7.2CVSS7AI score0.00746EPSS
Exploits0References3
Rows per page
Query Builder