CWE-35
Path Traversal: '.../...//'
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (119)
Page 5 of 6

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-56213 | | Med | 0.42 | 6.5 | 0.01 | | Dec 31, 2024 | Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.7. |
| CVE-2024-54313 | | Med | 0.42 | 6.5 | 0.01 | | Dec 13, 2024 | Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal. This issue affects FULL Customer: from n/a through 3.1.25. |
| CVE-2024-41972 | — | Med | 0.42 | 6.5 | 0.01 | | Nov 18, 2024 | A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. |
| CVE-2024-49258 | | Med | 0.42 | 6.5 | 0.01 | | Oct 16, 2024 | Path Traversal: '.../...//' vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1.5.7. |
| CVE-2024-38706 | | Med | 0.42 | 6.5 | 0.01 | | Jul 12, 2024 | Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor. This issue affects HT Mega: from n/a through <= 2.5.7. |
| CVE-2025-26940 | | Med | 0.41 | 6.3 | 0.00 | | Mar 15, 2025 | Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. |
| CVE-2025-0858 | — | Med | 0.38 | — | 0.00 | | Feb 5, 2025 | A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. |
| CVE-2024-7608 | | Med | 0.38 | 5.9 | 0.00 | | Aug 27, 2024 | An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. |
| CVE-2025-66004 | | Med | 0.37 | 5.7 | 0.00 | | Dec 10, 2025 | A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba. |
| CVE-2024-5481 | | Med | 0.37 | 6.8 | 0.01 | | Jun 7, 2024 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of… |
| CVE-2024-2654 | | Med | 0.37 | 6.8 | 0.01 | | Apr 9, 2024 | The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary… |
| CVE-2025-27445 | | Med | 0.35 | 5.4 | 0.00 | | Jun 5, 2025 | A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file… |
| CVE-2025-30966 | | Med | 0.35 | 5.4 | 0.00 | | Apr 15, 2025 | Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. |
| CVE-2025-69325 | | Med | 0.34 | 5.3 | 0.00 | | Feb 20, 2026 | Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal. This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8. |
| CVE-2025-48081 | | Med | 0.34 | 5.3 | 0.00 | | Aug 27, 2025 | Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal. This issue affects Printeers Print & Ship: from n/a through 1.17.0. |
| CVE-2025-46441 | | Med | 0.34 | 5.3 | 0.00 | | May 19, 2025 | Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal. This issue affects Section Widget: from n/a through <= 3.3.1. |
| CVE-2026-32415 | | Med | 0.33 | 5.0 | 0.00 | | Mar 13, 2026 | Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7. |
| CVE-2025-64253 | | Med | 0.32 | 4.9 | 0.00 | | Dec 16, 2025 | Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1. |
| CVE-2025-39598 | | Med | 0.32 | 4.9 | 0.01 | | Apr 16, 2025 | Path Traversal: '.../...//' vulnerability in Quý Lê 91 Administrator Z administrator-z allows Path Traversal. This issue affects Administrator Z: from n/a through <= 2025.03.28. |
| CVE-2025-27274 | | Med | 0.32 | 4.9 | 0.00 | | Mar 3, 2025 | Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through <= 2.2.11. |