Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2022-11-29 | CVE-2022-3361 | Path Traversal vulnerability in Ultimatemember Ultimate Member | The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including, 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. | 4.3 |
| 2022-11-29 | CVE-2022-4030 | Path Traversal vulnerability in Simple-Press Simple:Press | The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. | 8.1 |
| 2022-11-29 | CVE-2022-4031 | Path Traversal vulnerability in Simple-Press Simple:Press | The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. | 4.9 |
| 2022-11-29 | CVE-2022-25848 | Path Traversal vulnerability in Static-Dev-Server Project Static-Dev-Server 1.0.0 | This affects all versions of package static-dev-server. | 7.5 |
| 2022-11-29 | CVE-2022-44635 | Path Traversal vulnerability in Apache Fineract | Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. | 8.8 |
| 2022-11-28 | CVE-2022-45921 | Path Traversal vulnerability in Fusionauth | FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. | 7.5 |
| 2022-11-28 | CVE-2021-25059 | Path Traversal vulnerability in Metagauss Download Plugin 1.6.1/1.6.2 | The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. | 4.3 |
| 2022-11-25 | CVE-2022-41712 | Path Traversal vulnerability in Frappe 14.10.0 | Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. | 6.5 |
| 2022-11-24 | CVE-2022-40976 | Path Traversal vulnerability in multiple products | A path traversal vulnerability was discovered in multiple Pilz products. | 5.5 |
| 2022-11-24 | CVE-2022-40977 | Path Traversal vulnerability in Pilz products | A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. | 7.5 |