Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download plugin vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2014-9013
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.
Wpmarketplace Project Wpmarketplace 2.4.0
2 EDB exploits
4.3
CVSSv3
CVE-2014-9014
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin prior to 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
Wpmarketplace Project Wpmarketplace 2.4.0
2 EDB exploits
NA
CVE-2013-7240
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the dew_file parameter.
Westerndeal Advanced Dewplayer 1.2
Wordpress Wordpress -
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2017-1002008
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
Membership Simplified Project Membership Simplified 1.58
1 EDB exploit
7.5
CVSSv3
CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin prior to 2.6 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
Wpshopstyling Wp E-commerce Shop Styling
1 EDB exploit
NA
CVE-2015-1579
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate ...
Elegant Themes Divi -
2 EDB exploits
4 Github repositories
NA
CVE-2014-9734
Directory traversal vulnerability in the Slider Revolution (revslider) plugin prior to 4.2 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.
Themepunch Slider Revolution
2 EDB exploits
NA
CVE-2014-92601
WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability.
NA
CVE-2008-4401
ActionScript in Adobe Flash Player 9.0.124.0 and previous versions does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which all...
Adobe Flash Player 7.0.1
Adobe Flash Player 7.0.70.0
Adobe Flash Player 7.0 R67
Adobe Flash Player 8.0.35.0
Adobe Flash Player 8.0.39.0
Adobe Flash Player 7.0
Adobe Flash Player 7.1
Adobe Flash Player 7.1.1
Adobe Flash Player 9.0
Adobe Flash Player 9.0.112.0
Adobe Flash Player 7.0.25
Adobe Flash Player 7.2
Adobe Flash Player 8.0
Adobe Flash Player 9.0.114.0
Adobe Flash Player 9.0.115.0
Adobe Flash Player 7.0.63
Adobe Flash Player 7.0.69.0
Adobe Flash Player 8.0.24.0
Adobe Flash Player 8.0.34.0
Adobe Flash Player
NA
CVE-2010-0696
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 up to and including 3.2 for Joomla! allows remote malicious users to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
Joomlaworks Jw Allvideos 3.2
Joomlaworks Jw Allvideos 3.1
Joomlaworks Jw Allvideos 3.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »