Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2025-03-07 CVE-2024-12035 The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9.
network
low complexity
CWE-22
8.8
8.8
2025-03-06 CVE-2025-2032 A vulnerability classified as problematic was found in ChestnutCMS 1.5.2.
low complexity
CWE-22
3.5
3.5
2025-03-06 CVE-2024-13897 The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22.
network
low complexity
CWE-22
6.5
6.5
2025-03-05 CVE-2024-13471 The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7.
network
low complexity
CWE-22
7.5
7.5
2025-03-01 CVE-2024-13910 The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'database_backup_ajax_delete' function in all versions up to, and including, 2.35.
network
low complexity
CWE-22
7.2
7.2
2025-02-28 CVE-2025-27410 Path Traversal vulnerability in Pwndoc Project Pwndoc
PwnDoc is a penetration test reporting application.
network
low complexity
pwndoc-project CWE-22
6.5
6.5
2025-02-28 CVE-2025-0823 IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system.
network
low complexity
CWE-22
6.5
6.5
2025-02-27 CVE-2025-1743 A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0.
network
low complexity
CWE-22
5.3
5.3
2025-02-27 CVE-2024-54169 IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system.
network
low complexity
CWE-22
6.5
6.5
2025-02-27 CVE-2025-1282 Path Traversal vulnerability in Thememakers CAR Dealer Automotive
The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_post_photo() and add_car() functions in all versions up to, and including, 1.6.3.
network
low complexity
thememakers CWE-22
8.8
8.8