CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27274 – WordPress GPX Viewer plugin <= 2.2.11 - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2025-27274
21 Feb 2025 — Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11. The GPX Viewer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.11. This makes it possible for authenticated attackers, with Editor-level access and above, to perform actions on files outside of the originally intended directory. • https://patchstack.com/database/wordpress/plugin/gpx-viewer/vulnerability/wordpress-gpx-viewer-plugin-2-2-11-path-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 9.0EPSS: 50%CPEs: 1EXPL: 3CVE-2024-10629 – GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-10629
12 Nov 2024 — The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capabil... • https://packetstorm.news/files/id/189731 • CWE-862: Missing Authorization •