VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> External Control of File Name or Path
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-19
CVE-2025-3103
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4.
network
low complexity
CWE-73
7.5
7.5
2025-04-08
CVE-2025-29819
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
local
low complexity
CWE-73
6.2
6.2
2025-04-08
CVE-2025-3431
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action.
network
low complexity
CWE-73
7.5
7.5
2025-04-08
CVE-2025-2004
The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17.
network
low complexity
CWE-73
critical
9.1
9.1
2025-03-31
CVE-2025-2982
A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x.
network
low complexity
CWE-73
6.3
6.3
2025-03-26
CVE-2025-1911
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0.
network
low complexity
CWE-73
2.7
2.7
2025-03-22
CVE-2025-1972
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2.
network
low complexity
CWE-73
2.7
2.7
2025-03-20
CVE-2024-13922
External Control of File Name or Path vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0.
network
low complexity
webtoffee
CWE-73
6.5
6.5
2025-03-11
CVE-2025-24996
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
network
low complexity
CWE-73
6.5
6.5
2025-03-07
CVE-2024-12036
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function.
network
low complexity
CWE-73
7.5
7.5
«
1
(current)
2
»
Next