VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> External Control of File Name or Path
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-26
CVE-2025-1911
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0.
network
low complexity
CWE-73
2.7
2.7
2025-03-22
CVE-2025-1972
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2.
network
low complexity
CWE-73
2.7
2.7
2025-03-20
CVE-2024-13922
External Control of File Name or Path vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0.
network
low complexity
webtoffee
CWE-73
6.5
6.5
2025-03-11
CVE-2025-24996
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
network
low complexity
CWE-73
6.5
6.5
2025-03-07
CVE-2024-12036
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function.
network
low complexity
CWE-73
7.5
7.5
2025-03-01
CVE-2025-1730
The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'.
network
low complexity
CWE-73
6.5
6.5
2025-01-31
CVE-2024-12267
The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5.
network
low complexity
CWE-73
5.3
5.3
2024-12-21
CVE-2024-12066
The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2.
network
low complexity
CWE-73
8.8
8.8
2021-03-23
CVE-2021-21343
External Control of File Name or Path vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp
apache
xstream
debian
fedoraproject
oracle
CWE-73
7.5
7.5
«
Previous
1
2
(current)
»