VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> External Control of File Name or Path
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-01
CVE-2025-1730
The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'.
network
low complexity
CWE-73
6.5
6.5
2025-01-31
CVE-2024-12267
The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5.
network
low complexity
CWE-73
5.3
5.3
2024-12-21
CVE-2024-12066
The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2.
network
low complexity
CWE-73
8.8
8.8
«
Previous
1
2
(current)
»