CWE-22 (对路径名的限制不恰当(路径遍历)) — Vulnerability Class 3344

3344 vulnerabilities classified as CWE-22 (对路径名的限制不恰当(路径遍历)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-47556	Pre-Auth RCE via Path Traversal — FreeFlow Core	8.3	High	2024-10-07
CVE-2024-47309	WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability — Cities Shipping Zones for WooCommerce	6.6	Medium	2024-10-05
CVE-2024-44034	WordPress WPSPX plugin <= 1.0.2 - Local File Inclusion vulnerability — WPSPX	7.5	High	2024-10-05
CVE-2024-44018	WordPress Instant Chat WP plugin <= 1.0.5 - Local File Inclusion vulnerability — Instant Chat Floating Button for WordPress Websites	7.5	High	2024-10-05
CVE-2024-44016	WordPress Podiant plugin <= 1.1 - Local File Inclusion vulnerability — Podiant	7.5	High	2024-10-05
CVE-2024-44015	WordPress Users Control plugin <= 1.0.16 - Local File Inclusion vulnerability — Users Control	7.5	High	2024-10-05
CVE-2024-44014	WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability — Vmax Project Manager	9.6	Critical	2024-10-05
CVE-2024-44013	WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability — VR Calendar	7.5	High	2024-10-05
CVE-2024-44012	WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability — WP Newsletter Subscription	7.5	High	2024-10-05
CVE-2024-44011	WordPress WP Ticket Ultra plugin <= 1.0.5 - Local File Inclusion vulnerability — WP Ticket Ultra Help Desk & Support Plugin	7.5	High	2024-10-05
CVE-2024-9146	WordPress CSS JS Files plugin <= 1.5.0 - Directory Traversal to File Read vulnerability — CSS JS Files	4.9	Medium	2024-10-05
CVE-2024-47841	Path traversal when loading stylesheets — Mediawiki - CSS Extension	7.5	-	2024-10-05
CVE-2024-47769	IDURAR has a Path Traversal (unauthenticated user can read sensitive data) — idurar-erp-crm	7.5	High	2024-10-04
CVE-2024-41163	Veertu Anka Build 路径遍历漏洞 — Anka Build	7.5	High	2024-10-03
CVE-2024-41922	Veertu Anka Build 路径遍历漏洞 — Anka Build	7.5	High	2024-10-03
CVE-2024-9100	Local File Inclusion — Analytics Plus	6.5	Medium	2024-10-03
CVE-2024-8352	Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download — Social Web Suite – Social Media Auto Post, Social Media Auto Publish	7.5	High	2024-10-03
CVE-2024-46977	OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`) — cosmos	6.5	-	2024-10-02
CVE-2024-44017	WordPress MH Board plugin <= 1.3.2.1 - Local File Inclusion vulnerability — MH Board	7.5	High	2024-10-02
CVE-2024-44030	WordPress Checkout Mestres WP plugin <= 8.6 - Local File Inclusion vulnerability — Checkout Mestres WP	7.2	High	2024-10-02
CVE-2024-47071	OSS Endpoint Manager allows unauthorized access to read system files — endpointman	6.8	Medium	2024-10-01
CVE-2024-9224	Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read — Hello World	6.5	Medium	2024-10-01
CVE-2024-9301	Netflix e2nest 安全漏洞 — E2Nest	6.5^AI	Medium^AI	2024-09-27
CVE-2024-7149	Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)	8.8	High	2024-09-27
CVE-2024-47292	Huawei HarmonyOS 安全漏洞 — HarmonyOS	6.2	Medium	2024-09-27
CVE-2024-8704	Advanced File Manager <= 5.2.8 - Authenticated (Administrator+) Local JavaScript File Inclusion via fma_locale — Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution	7.2	High	2024-09-26
CVE-2024-8291	Concrete CMS Stored XSS in Image Editor Background Color — Concrete CMS	4.8^AI	Medium^AI	2024-09-24
CVE-2024-8941	Path Traversal vulnerability on Scriptcase — Scriptcase	7.5	High	2024-09-24
CVE-2024-8671	WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite — WooEvents - Calendar and Event Booking	9.1	Critical	2024-09-24
CVE-2024-43996	WordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerability — ElementsKit Pro	6.5	Medium	2024-09-23

Vulnerabilities classified as CWE-22 (对路径名的限制不恰当(路径遍历)) represent 3344 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-22 (对路径名的限制不恰当(路径遍历)) — Vulnerability Class 3344