Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-3361 Path Traversal vulnerability in Ultimatemember Ultimate Member
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including, 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes.
network
low complexity
ultimatemember CWE-22
4.3
2022-11-29 CVE-2022-4030 Path Traversal vulnerability in Simple-Press Simple:Press
The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion.
network
low complexity
simple-press CWE-22
8.1
2022-11-29 CVE-2022-4031 Path Traversal vulnerability in Simple-Press Simple:Press
The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin.
network
low complexity
simple-press CWE-22
4.9
2022-11-29 CVE-2022-25848 Path Traversal vulnerability in Static-Dev-Server Project Static-Dev-Server 1.0.0
This affects all versions of package static-dev-server.
network
low complexity
static-dev-server-project CWE-22
7.5
2022-11-29 CVE-2022-44635 Path Traversal vulnerability in Apache Fineract
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in its file upload component.
network
low complexity
apache CWE-22
8.8
2022-11-28 CVE-2022-45921 Path Traversal vulnerability in Fusionauth
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request.
network
low complexity
fusionauth CWE-22
7.5
2022-11-28 CVE-2021-25059 Path Traversal vulnerability in Metagauss Download Plugin 1.6.1/1.6.2
The Download Plugin WordPress plugin before 2.0.0 does not properly validate that a user has the required privileges to access a backup's nonce identifier, which may allow any user with an account on the site (such as a subscriber) to download a full copy of the website.
network
low complexity
metagauss CWE-22
4.3
2022-11-25 CVE-2022-41712 Path Traversal vulnerability in Frappe 14.10.0
Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files.
network
low complexity
frappe CWE-22
6.5
2022-11-24 CVE-2022-40976 Path Traversal vulnerability in multiple products
A path traversal vulnerability was discovered in multiple Pilz products.
local
low complexity
pilz pliz CWE-22
5.5
2022-11-24 CVE-2022-40977 Path Traversal vulnerability in Pilz products
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0.
network
low complexity
pilz CWE-22
7.5