CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 51 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48124 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Path Traversal.This… | ||
| CVE-2025-31635 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcast_history allows Path Traversal.This issue affects CLEVER: from n/a through <= 2.6. | ||
| CVE-2025-31050 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal.This issue affects Apptha Slider Gallery: from n/a through <= 2.5. | ||
| CVE-2025-48273 | Hig | 0.49 | 7.5 | 0.00 | May 23, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.This issue affects WP Job Portal: from n/a through <= 2.3.2. | ||
| CVE-2025-47603 | Hig | 0.49 | 7.5 | 0.00 | May 23, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo belingogeo allows Path Traversal.This issue affects belingoGeo: from n/a through <= 1.12.0. | ||
| CVE-2025-1565 | Hig | 0.49 | 7.5 | 0.00 | Apr 25, 2025 | The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server,… | ||
| CVE-2025-39568 | Hig | 0.49 | 7.5 | 0.00 | Apr 17, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce storecontrl-wp-connection allows Path Traversal.This issue affects StoreContrl Woocommerce: from n/a through <= 4.1.3. | ||
| CVE-2025-32671 | Hig | 0.49 | 7.5 | 0.01 | Apr 11, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer print-science-designer allows Path Traversal.This issue affects Print Science Designer: from n/a through <= 1.3.155. | ||
| CVE-2025-32509 | Hig | 0.49 | 7.5 | 0.01 | Apr 11, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMinds Simple WP Events simple-wp-events allows Path Traversal.This issue affects Simple WP Events: from n/a through <= 1.8.17. | ||
| CVE-2025-30882 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.1. | ||
| CVE-2025-30793 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Property Hive Houzez Property Feed houzez-property-feed allows Path Traversal.This issue affects Houzez Property Feed: from n/a through <= 2.5.4. | ||
| CVE-2025-30895 | Hig | 0.49 | 7.5 | 0.01 | Mar 27, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently mage-eventpress allows PHP Local File Inclusion.This issue affects WpEvently: from n/a through <= 4.2.9. | ||
| CVE-2025-25371 | Hig | 0.49 | 7.5 | 0.01 | Mar 25, 2025 | NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | ||
| CVE-2025-25685 | Hig | 0.49 | 7.5 | 0.00 | Mar 17, 2025 | An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share. | ||
| CVE-2025-25684 | Hig | 0.49 | 7.5 | 0.00 | Mar 17, 2025 | A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request. | ||
| CVE-2024-10804 | Hig | 0.49 | 7.5 | 0.01 | Mar 7, 2025 | The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of… | ||
| CVE-2024-13471 | Hig | 0.49 | 7.5 | 0.01 | Mar 5, 2025 | The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to read… | ||
| CVE-2025-25162 | Hig | 0.49 | 7.5 | 0.01 | Mar 3, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kutu62 Sports Rankings and Lists sports-rankings-lists allows Absolute Path Traversal.This issue affects Sports Rankings and Lists: from n/a through <= 1.0.2. | ||
| CVE-2025-26935 | Hig | 0.49 | 7.5 | 0.01 | Feb 25, 2025 | Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.2.8. | ||
| CVE-2025-26905 | Hig | 0.49 | 7.5 | 0.01 | Feb 25, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik estatik allows PHP Local File Inclusion.This issue affects Estatik: from n/a through <= 4.3.0. |
- risk 0.49cvss 7.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Path Traversal.This…
- risk 0.49cvss 7.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcast_history allows Path Traversal.This issue affects CLEVER: from n/a through <= 2.6.
- risk 0.49cvss 7.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal.This issue affects Apptha Slider Gallery: from n/a through <= 2.5.
- risk 0.49cvss 7.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.This issue affects WP Job Portal: from n/a through <= 2.3.2.
- risk 0.49cvss 7.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo belingogeo allows Path Traversal.This issue affects belingoGeo: from n/a through <= 1.12.0.
- risk 0.49cvss 7.5epss 0.00
The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server,…
- risk 0.49cvss 7.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce storecontrl-wp-connection allows Path Traversal.This issue affects StoreContrl Woocommerce: from n/a through <= 4.1.3.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer print-science-designer allows Path Traversal.This issue affects Print Science Designer: from n/a through <= 1.3.155.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMinds Simple WP Events simple-wp-events allows Path Traversal.This issue affects Simple WP Events: from n/a through <= 1.8.17.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.1.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Property Hive Houzez Property Feed houzez-property-feed allows Path Traversal.This issue affects Houzez Property Feed: from n/a through <= 2.5.4.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently mage-eventpress allows PHP Local File Inclusion.This issue affects WpEvently: from n/a through <= 4.2.9.
- risk 0.49cvss 7.5epss 0.01
NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system.
- risk 0.49cvss 7.5epss 0.00
An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share.
- risk 0.49cvss 7.5epss 0.00
A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request.
- risk 0.49cvss 7.5epss 0.01
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of…
- risk 0.49cvss 7.5epss 0.01
The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to read…
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kutu62 Sports Rankings and Lists sports-rankings-lists allows Absolute Path Traversal.This issue affects Sports Rankings and Lists: from n/a through <= 1.0.2.
- risk 0.49cvss 7.5epss 0.01
Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.2.8.
- risk 0.49cvss 7.5epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik estatik allows PHP Local File Inclusion.This issue affects Estatik: from n/a through <= 4.3.0.