VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-05
CVE-2025-2941
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4.
network
low complexity
CWE-22
critical
9.8
9.8
2025-04-04
CVE-2025-2270
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function.
network
high complexity
CWE-22
8.1
8.1
2025-04-04
CVE-2025-3214
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic.
network
low complexity
CWE-22
4.3
4.3
2025-04-01
CVE-2025-3043
A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0.
network
low complexity
CWE-22
5.3
5.3
2025-03-28
CVE-2025-2917
Path Traversal vulnerability in 1000Cms Chestnutcms
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3.
network
low complexity
1000cms
CWE-22
7.5
7.5
2025-03-28
CVE-2025-2328
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dnd_remove_uploaded_files' function in all versions up to, and including, 1.3.8.7.
network
low complexity
CWE-22
8.8
8.8
2025-03-28
CVE-2025-2294
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function.
network
low complexity
CWE-22
critical
9.8
9.8
2025-03-26
CVE-2025-1769
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file() function.
network
low complexity
CWE-22
4.9
4.9
2025-03-26
CVE-2025-1310
The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the 'job_postings_get_file' parameter.
network
low complexity
CWE-22
6.5
6.5
2025-03-25
CVE-2025-2744
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1.
network
low complexity
CWE-22
5.4
5.4
«
Previous
1
2
3
(current)
4
5
...
376
377
»
Next