Monthly
Path traversal in the Tax Exempt for WooCommerce plugin (versions <= 1.9.3) by Addify enables authenticated customer-level users to read arbitrary files from the server's filesystem. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, as a low-privileged account (a standard customer/shopper) can traverse directory boundaries to access sensitive files such as wp-config.php containing database credentials. No public exploit code or active CISA KEV listing has been identified at time of analysis.
Unauthenticated local file inclusion in the Mikado-Themes Kastell WordPress theme (versions ≤ 2.0) allows remote attackers to traverse directories and read or include arbitrary server-side files, potentially leading to disclosure of sensitive configuration data such as wp-config.php and, depending on PHP configuration, code execution. The flaw is reported via Patchstack with CVSS 8.1 (high) and no public exploit identified at time of analysis. The CWE-35 classification (Path Traversal: '.../...//') points to relative-path manipulation as the root cause.
Path traversal in the FastDup WordPress plugin through version 2.7.2 allows remote attackers to read or write arbitrary files outside the plugin's intended directory after a single user interaction, with confidentiality, integrity, and availability impacts extending to the WordPress host (scope-changed, CVSS 9.6). The flaw is unauthenticated per the CVSS vector but requires a victim to trigger the malicious request, and no public exploit identified at time of analysis. Disclosure originates from Patchstack's WordPress vulnerability research program.
Unauthenticated path traversal in the Shared Files WordPress plugin (versions 1.7.64 and earlier) allows remote attackers to read arbitrary files outside the plugin's intended directory scope on the underlying WordPress host. The flaw is reachable without authentication over the network and carries a CVSS 7.5 with high confidentiality impact, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Disclosed by Patchstack, the bug primarily threatens sensitive files such as wp-config.php and other server-side secrets accessible to the web user.
Authenticated path traversal in the WP Customer Area WordPress plugin through version 8.3.4 allows users with low-privilege custom roles to escape intended directory boundaries and access or manipulate files outside the plugin's permitted scope. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) indicates network-reachable exploitation by authenticated users with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.
SAP Fiori Launchpad is vulnerable to malicious URL crafting that triggers arbitrary service calls within the Fiori domain, enabling credential theft from users who interact with the crafted link. Exploitation requires no attacker privileges (PR:N per CVSS) but demands high attack complexity (AC:H) and user interaction (UI:R), meaning adversaries must possess advanced system knowledge and successfully deliver the URL to a victim. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, placing this in the medium-priority tier despite the credential-theft potential.
Privilege escalation via chroot bypass in PluginScript allows local users to execute host binaries such as /bin/bash with root privileges when the repoManagerRoot is set to '/' (a common default or result of --root). Because chroot to the system root is a no-op, path traversal within the plugin escapes intended isolation. No public exploit identified at time of analysis, but the issue was reported by a SUSE researcher and is tracked in SUSE Bugzilla.
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.
Authenticated administrators in F5 BIG-IP Appliance mode can bypass configuration restrictions designed to prevent system-level access. Administrators with the 'Administrator' role can circumvent Appliance mode lockdown controls, potentially modifying underlying system configurations that should be protected in this deployment mode. Vendor patch available per F5 Security Advisory K000160876. CVSS 8.5 reflects high confidentiality/integrity impact despite requiring privileged authentication.
Path traversal in the Tax Exempt for WooCommerce plugin (versions <= 1.9.3) by Addify enables authenticated customer-level users to read arbitrary files from the server's filesystem. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, as a low-privileged account (a standard customer/shopper) can traverse directory boundaries to access sensitive files such as wp-config.php containing database credentials. No public exploit code or active CISA KEV listing has been identified at time of analysis.
Unauthenticated local file inclusion in the Mikado-Themes Kastell WordPress theme (versions ≤ 2.0) allows remote attackers to traverse directories and read or include arbitrary server-side files, potentially leading to disclosure of sensitive configuration data such as wp-config.php and, depending on PHP configuration, code execution. The flaw is reported via Patchstack with CVSS 8.1 (high) and no public exploit identified at time of analysis. The CWE-35 classification (Path Traversal: '.../...//') points to relative-path manipulation as the root cause.
Path traversal in the FastDup WordPress plugin through version 2.7.2 allows remote attackers to read or write arbitrary files outside the plugin's intended directory after a single user interaction, with confidentiality, integrity, and availability impacts extending to the WordPress host (scope-changed, CVSS 9.6). The flaw is unauthenticated per the CVSS vector but requires a victim to trigger the malicious request, and no public exploit identified at time of analysis. Disclosure originates from Patchstack's WordPress vulnerability research program.
Unauthenticated path traversal in the Shared Files WordPress plugin (versions 1.7.64 and earlier) allows remote attackers to read arbitrary files outside the plugin's intended directory scope on the underlying WordPress host. The flaw is reachable without authentication over the network and carries a CVSS 7.5 with high confidentiality impact, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Disclosed by Patchstack, the bug primarily threatens sensitive files such as wp-config.php and other server-side secrets accessible to the web user.
Authenticated path traversal in the WP Customer Area WordPress plugin through version 8.3.4 allows users with low-privilege custom roles to escape intended directory boundaries and access or manipulate files outside the plugin's permitted scope. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) indicates network-reachable exploitation by authenticated users with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.
SAP Fiori Launchpad is vulnerable to malicious URL crafting that triggers arbitrary service calls within the Fiori domain, enabling credential theft from users who interact with the crafted link. Exploitation requires no attacker privileges (PR:N per CVSS) but demands high attack complexity (AC:H) and user interaction (UI:R), meaning adversaries must possess advanced system knowledge and successfully deliver the URL to a victim. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, placing this in the medium-priority tier despite the credential-theft potential.
Privilege escalation via chroot bypass in PluginScript allows local users to execute host binaries such as /bin/bash with root privileges when the repoManagerRoot is set to '/' (a common default or result of --root). Because chroot to the system root is a no-op, path traversal within the plugin escapes intended isolation. No public exploit identified at time of analysis, but the issue was reported by a SUSE researcher and is tracked in SUSE Bugzilla.
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.
Authenticated administrators in F5 BIG-IP Appliance mode can bypass configuration restrictions designed to prevent system-level access. Administrators with the 'Administrator' role can circumvent Appliance mode lockdown controls, potentially modifying underlying system configurations that should be protected in this deployment mode. Vendor patch available per F5 Security Advisory K000160876. CVSS 8.5 reflects high confidentiality/integrity impact despite requiring privileged authentication.