Vulnerabilities > External Control of File Name or Path

DATE CVE VULNERABILITY TITLE RISK
2025-03-07 CVE-2024-12036 The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function.
network
low complexity
CWE-73
7.5
2025-03-03 CVE-2024-51961 External Control of File Name or Path vulnerability in Esri ArcGIS Server
There is a local file inclusion vulnerability in ArcGIS Server 10.9.1 through 11.3 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server. Due to the nature of the files accessible in this vulnerability, the impact to confidentiality is High; there is no impact to either integrity or availability.
network
low complexity
esri CWE-73
7.5
2025-03-01 CVE-2025-1730 The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'.
network
low complexity
CWE-73
6.5
2025-01-31 CVE-2024-12267 The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5.
network
low complexity
CWE-73
5.3
2024-12-21 CVE-2024-12066 The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2.
network
low complexity
CWE-73
8.8